1

I've configured FreeIPA for the most part. When I attempt to add a client, I must manually specify the domain and IPA server FQDN. I've read many sources discussing autodiscovery, but I have yet to find an example of the autodiscovery records.

My IPA servers are the authoritative DNS resolver for their domain.

ndemarco

1 Answer

2

If your authoritative DNS server is not FreeIPA, you can run the following command on your IPA server to generate the necessary DNS records, which you can then go and put into your authoritative DNS zone file:

ipa dns-update-system-records --dry-run

See https://www.freeipa.org/page/Howto/Updating_FreeIPA_system_DNS_records_on_a_remote_DNS_server for more information.

If FreeIPA is your authoritative DNS server, you can regenerate your DNS records on the fly by running the same command, without the --dry-run flag. If you're not sure your records are correct, or want to see the records, use the --dry-run flag to compare and contrast what is currently configured in the system.

David W
  • The IPA servers are the authoritative DNS resolvers. – ndemarco Dec 19 '19 at 02:46
  • Before you enroll a new client, what DNS servers are those clients configured to use? – David W Dec 19 '19 at 13:26
  • The clients are configured to use IPA1 and IPA2 as their resolvers. Using DiG, I've verified IPA1 is the responder used. – ndemarco Dec 19 '19 at 15:33
  • Try running the dns-update-system-records --dry-run command that I provided, and compare stdout with what you see in the FreeIPA GUI. If there's a difference, then take out the --dry-run flag to actually update the records on your system. – David W Dec 19 '19 at 20:34
  • Thanks for pointing out the --dry-run flag. I did exactly what you suggested, and found I had changed the config slightly since before installing IPA. All works well now. – ndemarco Dec 21 '19 at 00:16
  • Awesome! For posterity, I'll go back and edit this answer a little bit to clarify what it does with and without that flag. Glad it helped. – David W Dec 22 '19 at 10:56
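
The comparison suggested in the comments (dry-run output versus what the zone actually serves), as an added example that is not part of the original answer or the FreeIPA project's code. It assumes both inputs consist of `name TTL IN type rdata` lines; the function names, `example.test` and `ipa1.example.test` are constructed placeholders.

```shell
#!/bin/sh
# missing_records EXPECTED ACTUAL
# Print "name type rdata" for every record in EXPECTED that ACTUAL lacks.
# Assumed line format in both files: name TTL IN type rdata...
# Headers, blank lines and anything else are skipped. TTLs are ignored,
# so a differing TTL alone is not reported as a missing record.
missing_records() {
  awk '
    function key(    i, k) {
      k = tolower($1) " " toupper($4)
      for (i = 5; i <= NF; i++)   # DNS names compare case-insensitively, TXT data does not
        k = k " " (toupper($4) == "TXT" ? $i : tolower($i))
      return k
    }
    !(toupper($3) == "IN" && $2 ~ /^[0-9]+$/) { next }
    src == "actual" { served[key()] = 1; next }
    { k = key(); if (!(k in served)) print k }
  ' src=actual "$2" src=expected "$1"
}

# Constructed sample data; no real domain or server is referenced.
demo() {
  tmp=$(mktemp -d) || return 1
  # Shaped like saved output of: ipa dns-update-system-records --dry-run
  cat > "$tmp/expected" <<'EOF'
 IPA DNS records:
    _kerberos._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
    _kerberos.example.test. 86400 IN TXT "EXAMPLE.TEST"
    _ldap._tcp.example.test. 86400 IN SRV 0 100 389 ipa1.example.test.
EOF
  # Shaped like answers collected with dig +noall +answer; the LDAP SRV is absent.
  cat > "$tmp/actual" <<'EOF'
_kerberos._tcp.example.test. 3600 IN SRV 0 100 88 IPA1.example.test.
_kerberos.example.test. 3600 IN TXT "EXAMPLE.TEST"
EOF
  missing_records "$tmp/expected" "$tmp/actual"
  rm -rf "$tmp"
}

demo   # prints: _ldap._tcp.example.test. SRV 0 100 389 ipa1.example.test.
```

An empty result means every record from the dry run is already being served; any line printed is a record the resolver does not return.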