[Freeipa-users] Re: IPA and external DNS
On to, 30 huhti 2020, Ronald Wimmer via FreeIPA-users wrote:
Hi,
In the company I am working for DNS is managed by a separate
department. Delegating the linux.mydomain.at zone is not an option.
Entering DNS entries (for IPA servers) is done by clicking around in a
web interface. Entries have to be entered manually one by one.
An alternative would be to use nsupdate for the linux.mydomain.at zone
(and subzones). Does IPA provide a way for using nsupdate in
combination with all the required DNS entries upon a IPA
server/replica installation?
If you installed IPA master without integrated DNS, it will
generate you a file in a temporary place with all the records it expects
to have.
You can re-generate information about those records in nsupdate format
any time with
ipa dns-update-system-records --dry-run --out foo.nsupdate
Then foo.nsupdate file will contain required nsupdate statements.
If you'd add there your authentication requirements for nsupdate to
authenticate against your DNS server, that would be it, perhaps?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland