Chapter 7. Managing DNS records in IdM
Maintain the accuracy of your network’s name resolution by managing DNS records within Identity Management (IdM). You can add, update, and remove various record types to reflect changes in the infrastructure and ensure seamless service discovery.
7.1. Prerequisites
- Your IdM deployment contains an integrated DNS server. For information about how to install IdM with integrated DNS, see one of the following links:
- You understand what types of DNS records exist in IdM.
- You understand what options are available when adding, modifying and deleting the most common DNS resource record types in IdM.
7.2. Adding DNS resource records in the IdM Web UI
Expand your DNS zone by adding new resource records through the IdM Web UI. This graphical interface simplifies the process of defining host addresses, service locations, and other critical network data.
Prerequisites
- The DNS zone to which you want to add a DNS record exists and is managed by IdM. For more information about creating a DNS zone in IdM DNS, see Managing DNS zones in IdM.
- You are logged in as IdM administrator.
Procedure
- In the IdM Web UI, click Network Services → DNS → DNS Zones.
- Click the DNS zone to which you want to add a DNS record.
- In the DNS Resource Records section, click Add to add a new record.
  (Figure: Adding a New DNS Resource Record)
- Select the type of record to create and fill out the other fields as required.
  (Figure: Defining a New DNS Resource Record)
- Click Add to confirm the new record.
7.3. Adding DNS resource records from the IdM CLI
Use the ipa dnsrecord-add command to insert new entries into a specific DNS zone from the command line. This method gives you precise control over record parameters and can be scripted for bulk updates.
Prerequisites
- The DNS zone to which you want to add a DNS record exists. For more information about creating a DNS zone in IdM DNS, see Managing DNS zones in IdM.
- You are logged in as IdM administrator.
Procedure
To add a DNS resource record, use the ipa dnsrecord-add command. The command follows this syntax:

$ ipa dnsrecord-add zone_name record_name --record_type_option=data

In the command above:
- zone_name is the name of the DNS zone to which the record is being added.
- record_name is the name of the new DNS resource record, relative to the zone (for example, host1 in the zone idm.example.com names host1.idm.example.com).
- --record_type_option=data selects the record type (for example, --a-rec for an A record) and supplies the record data.
For example, to add an A type DNS record of host1 to the idm.example.com zone, enter:
$ ipa dnsrecord-add idm.example.com host1 --a-rec=192.168.122.123
7.4. Deleting DNS records in the IdM Web UI
Remove specific record types from an existing resource entry by using the IdM Web UI. This focused deletion maintains the overall resource identifier while stripping away individual data points that are no longer valid.
Prerequisites
- You are logged in as IdM administrator.
Procedure
- In the IdM Web UI, click Network Services → DNS → DNS Zones.
- Click the zone from which you want to delete a DNS record, for example example.com.
- In the DNS Resource Records section, click the name of the resource record.
  (Figure: Selecting a DNS Resource Record)
- Select the check box by the name of the record type to delete.
- Click Delete.
  (Figure: Deleting a DNS Resource Record)

The selected record type is now deleted. The other configuration of the resource record is left intact.
7.5. Deleting an entire DNS record in the IdM Web UI
Purge all data associated with a specific resource by deleting the entire record entry in the IdM Web UI. This action removes the host or service identifier and all its related record types from the DNS zone in one step.
Prerequisites
- You are logged in as IdM administrator.
Procedure
- In the IdM Web UI, click Network Services → DNS → DNS Zones.
- Click the zone from which you want to delete a DNS record, for example zone.example.com.
- In the DNS Resource Records section, select the check box of the resource record to delete.
- Click Delete.
  (Figure: Deleting an Entire Resource Record)

The entire resource record, with all of its record types, is now deleted.
7.6. Deleting DNS records in the IdM CLI
Execute the ipa dnsrecord-del command to remove specific records or use the --del-all option to wipe all entries associated with a name. This command provides an efficient way to clean up stale DNS data directly from the IdM CLI.
Prerequisites
- You are logged in as IdM administrator.
Procedure
To remove records from a zone, use the ipa dnsrecord-del command and add the --recordType-rec option together with the record value. For example, to remove an A type record:

$ ipa dnsrecord-del example.com www --a-rec 192.0.2.1

If you run ipa dnsrecord-del without any options, the command prompts for information about the record to delete. Note that passing the --del-all option removes every record of every type stored under that name in the zone (here, everything under www), not only the value you meant to remove. Check what the name holds with ipa dnsrecord-show before using --del-all.
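A scripted form of the add and delete steps from sections 7.3 and 7.6, added here as an example; it is not from the Red Hat documentation and is not part of IdM. It syntax-checks the zone name, record name and IPv4 address before anything is passed to ipa (so a malformed line in a bulk input file fails locally rather than on the server), verifies each change with ipa dnsrecord-show, and deletes single values instead of using --del-all. The function names are this example's own, and the zone, host and address values are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the Red Hat documentation: a small POSIX sh
# wrapper around `ipa dnsrecord-add` / `ipa dnsrecord-del` for scripted
# (bulk) A record changes.  Inputs are syntax-checked before they reach the
# IdM server, and every change is verified afterwards with
# `ipa dnsrecord-show`.  The zone, host name and address in the usage
# comment at the bottom are constructed sample values.

# A host name or zone: labels of letters, digits and inner hyphens, joined by
# dots, optional trailing dot.  Rejects shell-sensitive characters outright.
valid_name() {
    printf '%s' "$1" |
        grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*\.?$'
}

# A dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
    printf '%s' "$1" | grep -Eq "^$octet(\\.$octet){3}\$"
}

# check_args ZONE HOST IPV4: returns 2 (usage error) on the first bad value.
check_args() {
    valid_name "$1" || { echo "invalid zone name: $1" >&2; return 2; }
    valid_name "$2" || { echo "invalid record name: $2" >&2; return 2; }
    valid_ipv4 "$3" || { echo "invalid IPv4 address: $3" >&2; return 2; }
}

# has_a_value ZONE HOST IPV4: true if dnsrecord-show lists IPV4 among the
# A records of HOST (dnsrecord-show exits non-zero when the name is unknown,
# which also reads as "not present").
has_a_value() {
    ipa dnsrecord-show "$1" "$2" 2>/dev/null | grep 'A record:' | grep -qF -- "$3"
}

# add_a_record ZONE HOST IPV4: 0 on success, 2 on bad input, 1 if the server
# refused the change or the value did not show up afterwards.
add_a_record() {
    check_args "$1" "$2" "$3" || return 2
    ipa dnsrecord-add "$1" "$2" --a-rec="$3" || return 1
    has_a_value "$1" "$2" "$3" || return 1
}

# del_a_record ZONE HOST IPV4: removes exactly one A value.  --del-all is
# deliberately never used here, because it also removes every other record
# type (AAAA, TXT, SSHFP, ...) stored under the same name.
del_a_record() {
    check_args "$1" "$2" "$3" || return 2
    ipa dnsrecord-del "$1" "$2" --a-rec="$3" || return 1
    if has_a_value "$1" "$2" "$3"; then
        echo "$2.$1 still has A record $3" >&2
        return 1
    fi
}

# Usage: sh dnsrec.sh add|del ZONE HOST IPV4, for example
#   sh dnsrec.sh add idm.example.com host1 192.168.122.123
if [ $# -eq 4 ]; then
    case "$1" in
        add) add_a_record "$2" "$3" "$4" ;;
        del) del_a_record "$2" "$3" "$4" ;;
        *)   echo "usage: $0 add|del ZONE HOST IPV4" >&2; exit 2 ;;
    esac
fi
```

The return codes are distinct on purpose: 2 means the input line was rejected before any call to the server, 1 means IdM refused the change or the follow-up ipa dnsrecord-show did not confirm it, so a bulk loop can log the two cases separately.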