Hi,
In the company I am working for, DNS is managed by a separate department. Delegating the linux.mydomain.at zone is not an option. Entering DNS entries (for IPA servers) is done by clicking around in a web interface. Entries have to be entered manually one by one.
An alternative would be to use nsupdate for the linux.mydomain.at zone (and subzones). Does IPA provide a way for using nsupdate in combination with all the required DNS entries upon an IPA server/replica installation?
Cheers, Ronald
Hi Ronald,
On Thu, Apr 30, 2020 at 11:15 AM Ronald Wimmer via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
> In the company I am working for, DNS is managed by a separate department. Delegating the linux.mydomain.at zone is not an option. Entering DNS entries (for IPA servers) is done by clicking around in a web interface. Entries have to be entered manually one by one.
> An alternative would be to use nsupdate for the linux.mydomain.at zone (and subzones). Does IPA provide a way for using nsupdate in combination with all the required DNS entries upon an IPA server/replica installation?
I think, yes:
    $ kinit admin
    $ ipa dns-update-system-records -h
    Usage: ipa [global-options] dns-update-system-records [options]

    Update location and IPA server DNS records
    Options:
      -h, --help  show this help message and exit
      --dry-run   Do not update records only return expected records
      --all       Retrieve and print all attributes from the server. Affects command output.
      --raw       Print entries as stored on the server. Only affects output format.
      --out=STR   file to store DNS records in nsupdate format
    $ ipa dns-update-system-records --out=nsupdate
    $ cat nsupdate
    (...)
Cheers François
> Cheers, Ronald
On 30.04.20 11:28, François Cami wrote:
> Hi Ronald,
> On Thu, Apr 30, 2020 at 11:15 AM Ronald Wimmer via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>> Hi,
>> In the company I am working for, DNS is managed by a separate department. Delegating the linux.mydomain.at zone is not an option. Entering DNS entries (for IPA servers) is done by clicking around in a web interface. Entries have to be entered manually one by one.
>> An alternative would be to use nsupdate for the linux.mydomain.at zone (and subzones). Does IPA provide a way for using nsupdate in combination with all the required DNS entries upon an IPA server/replica installation?
> I think, yes:
>     $ kinit admin
>     $ ipa dns-update-system-records -h
>     Usage: ipa [global-options] dns-update-system-records [options]
>
>     Update location and IPA server DNS records
>     Options:
>       -h, --help  show this help message and exit
>       --dry-run   Do not update records only return expected records
>       --all       Retrieve and print all attributes from the server. Affects command output.
>       --raw       Print entries as stored on the server. Only affects output format.
>       --out=STR   file to store DNS records in nsupdate format
>     $ ipa dns-update-system-records --out=nsupdate
>     $ cat nsupdate
>     (...)
Wow. This was unexpected. You made my day!
Cheers, Ronald
On Thu, 30 Apr 2020, Ronald Wimmer via FreeIPA-users wrote:
> Hi,
> In the company I am working for, DNS is managed by a separate department. Delegating the linux.mydomain.at zone is not an option. Entering DNS entries (for IPA servers) is done by clicking around in a web interface. Entries have to be entered manually one by one.
> An alternative would be to use nsupdate for the linux.mydomain.at zone (and subzones). Does IPA provide a way for using nsupdate in combination with all the required DNS entries upon an IPA server/replica installation?
If you installed IPA master without integrated DNS, it will generate you a file in a temporary place with all the records it expects to have.
You can re-generate information about those records in nsupdate format any time with
ipa dns-update-system-records --dry-run --out foo.nsupdate
Then foo.nsupdate file will contain required nsupdate statements.
If you'd add there your authentication requirements for nsupdate to authenticate against your DNS server, that would be it, perhaps?
On 30.04.20 11:32, Alexander Bokovoy via FreeIPA-users wrote:
> On Thu, 30 Apr 2020, Ronald Wimmer via FreeIPA-users wrote:
>> Hi,
>> In the company I am working for, DNS is managed by a separate department. Delegating the linux.mydomain.at zone is not an option. Entering DNS entries (for IPA servers) is done by clicking around in a web interface. Entries have to be entered manually one by one.
>> An alternative would be to use nsupdate for the linux.mydomain.at zone (and subzones). Does IPA provide a way for using nsupdate in combination with all the required DNS entries upon an IPA server/replica installation?
> If you installed IPA master without integrated DNS, it will generate you a file in a temporary place with all the records it expects to have.
> You can re-generate information about those records in nsupdate format any time with
>     ipa dns-update-system-records --dry-run --out foo.nsupdate
> Then foo.nsupdate file will contain required nsupdate statements.
> If you'd add there your authentication requirements for nsupdate to authenticate against your DNS server, that would be it, perhaps?
Yes, definitely. I just have the IPA server IPs to be added in the DNS ACL whitelist.
Thanks a lot!
Cheers, Ronald
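A pre-flight check for the workflow discussed in this thread, as an added example that is not part of the original messages and is not FreeIPA code: before a generated file such as foo.nsupdate is sent to a DNS server owned by another team, confirm that every update stays inside the zone you were allowed to change. It assumes the file holds only `update add`, `update delete` and `send` lines in standard nsupdate syntax (the thread elides the real contents); the function name, the record-type allowlist and the sample records are constructed for illustration.

```shell
# Added example (not FreeIPA code): vet an nsupdate batch before sending it.
# Assumes standard nsupdate syntax; the sample records below are constructed.
# check_nsupdate_batch FILE ZONE: prints offending lines, returns non-zero on any.
check_nsupdate_batch() {
    awk -v zone="$2" '
    BEGIN { n = split("A AAAA SRV TXT URI CNAME", t, " ")
            for (i = 1; i <= n; i++) ok[t[i]] = 1
            zone = tolower(zone); sub(/\.$/, "", zone) }
    NF == 0 || $1 ~ /^;/ { next }                  # blank lines and comments
    tolower($1) == "send" { next }
    tolower($1) == "update" && tolower($2) ~ /^(add|delete)$/ {
        name = tolower($3); sub(/\.$/, "", name)
        # in zone: the apex itself, or a name ending in "." zone (label boundary)
        inzone = (name == zone) || (length(name) > length(zone) &&
                 substr(name, length(name) - length(zone)) == "." zone)
        type = ""                                  # first field that is not TTL/class
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^[0-9]+$/ || toupper($i) == "IN") continue
            type = toupper($i); break
        }
        if (!inzone) { print "outside zone: " $0; bad = 1 }
        else if (type != "" && !(type in ok)) { print "type not allowed: " $0; bad = 1 }
        next
    }
    { print "unexpected directive: " $0; bad = 1 } # server, zone, key, prereq ...
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: three update lines inside the zone and one stray outside it.
sample_batch() {
    cat <<'EOF'
update delete _ldap._tcp.linux.mydomain.at. SRV
update add _ldap._tcp.linux.mydomain.at. 3600 IN SRV 0 100 389 ipa1.linux.mydomain.at.
update add _kerberos.linux.mydomain.at. 3600 IN TXT "LINUX.MYDOMAIN.AT"
update add www.mydomain.at. 3600 IN A 192.0.2.10
send
EOF
}

batch=$(mktemp)
sample_batch > "$batch"
check_nsupdate_batch "$batch" linux.mydomain.at || echo "refusing to send $batch"
rm -f "$batch"
```

Run the check on the file as generated, before any server or key lines are added for authentication, so that those additions are the only lines that differ from what was reviewed.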