Este contenido no está disponible en el idioma seleccionado.
2.4. Enabling Dynamic DNS Updates
AD allows its clients to refresh their DNS records automatically. AD also actively maintains DNS records to make sure they are updated, including timing out (aging) and removing (scavenging) inactive records. DNS scavenging is not enabled by default on the AD side.
SSSD allows the Linux system to imitate a Windows client by refreshing its DNS record, which also prevents its record from being marked inactive and removed from the DNS record. When dynamic DNS updates are enabled, the client's DNS record is refreshed:
- when the identity provider comes online (always)
- when the Linux system reboots (always)
- at a specified interval (optional configuration); by default, the AD provider updates the DNS record every 24 hoursYou can set this behavior to the same interval as the DHCP lease. In this case, the Linux client is renewed after the lease is renewed.
DNS updates are sent to the AD server using Kerberos/GSSAPI for DNS (GSS-TSIG). This means that only secure connections need to be enabled.
The dynamic DNS configuration is set for each domain. For example:
[domain/ad.example.com] id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad ldap_schema = addyndns_update = truedyndns_refresh_interval = 43200dyndns_update_ptr = truedyndns_ttl = 3600
For details on these options, see the sssd-ad(5) man page.
