Hello Vinicius,
If you follow the rules found in Deployment Recommendations [1] I don't see
why it wouldn't work.
I think your best option is to follow the old discussion [2], and set
delegation on AD side, and PTR records on IPA side. You'll also need to
grant permission for the dynamic updates as stated in that same thread.
Rafael
[1] https://www.freeipa.org/page/Deployment_Recommendations
[2] https://www.redhat.com/archives/freeipa-users/2015-June/msg00555.html
On Wed, May 20, 2020 at 10:04 PM Vinícius Ferrão via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
I would like to know how to handle reverse DNS zones when AD trust is
enabled.
I do have separate domains for AD and IPA as required, but the reverse
zones are mixed, since the hosts are on the same network, which is common.
In this scenario where should the reverse DNS zone be hosted? On the AD
side? On IPA? How to make this work without breaking dynamic DNS updates
for the PTR zones? Should any of them keep the zones as slaves?
There are some older discussions here on the list but without continuity
and I don't know the results, like this one:
https://www.redhat.com/archives/freeipa-users/2015-June/msg00555.html
In this old thread, the recommendation was to move the reverse zone to
IPA and make some grants on BIND to allow Dynamic DNS updates.
But is this still the case?
Is there any official guidance on this issue?
Is this scenario supported, or must I have separate networks, even with
VLANs and IP addresses, for *nix and Windows clients?
Thanks,
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat