Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
Chapter 30. Installing DNS on an existing IdM server
Install the DNS service on an RHEL Identity Management (IdM) server that was originally installed without it.
Prerequisites
- You understand the advantages and limitations of using IdM with integrated DNS as described in Installing an IdM server: With integrated DNS, with an integrated CA as the root CA.
-
You have
rootaccess to the IdM server.
Procedure
Optional: On the IdM server, verify that DNS is not already installed:
ipa server-role-show server.idm.example.com
# ipa server-role-show server.idm.example.com Role name: DNS server Server name: server.idm.example.com Role name: DNS server Role status: absentCopy to Clipboard Copied! Toggle word wrap Toggle overflow The output confirms that IdM DNS is not available on the server.
Download the
ipa-dns-serverpackage and its dependencies:dnf install ipa-server-dns
# dnf install ipa-server-dnsCopy to Clipboard Copied! Toggle word wrap Toggle overflow On the IdM server, start the script to install DNS on the server:
ipa-dns-install
# ipa-dns-installCopy to Clipboard Copied! Toggle word wrap Toggle overflow The script prompts for per-server DNS forwarders.
Do you want to configure DNS forwarders? [yes]:
Do you want to configure DNS forwarders? [yes]:Copy to Clipboard Copied! Toggle word wrap Toggle overflow To configure per-server DNS forwarders, enter
yes, and then follow the instructions on the command line. The installation process will add the forwarder IP addresses to the IdM LDAP.-
For the forwarding policy default settings, see the
--forward-policydescription in the ipa-dns-install(1) man page.
-
For the forwarding policy default settings, see the
If you do not want to use DNS forwarding, enter
no.With no DNS forwarders, hosts in your IdM domain will not be able to resolve names from other, internal, DNS domains in your infrastructure. The hosts will only be left with public DNS servers to resolve their DNS queries.
The script prompts to check if any DNS reverse (PTR) records for the IP addresses associated with the server need to be configured.
Do you want to search for missing reverse zones? [yes]:
Do you want to search for missing reverse zones? [yes]:Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you run the search and missing reverse zones are discovered, the script asks you whether to create the reverse zones along with the PTR records.
Do you want to create reverse zone for IP 192.0.2.1 [yes]: Please specify the reverse zone name [2.0.192.in-addr.arpa.]: Using reverse zone(s) 2.0.192.in-addr.arpa.
Do you want to create reverse zone for IP 192.0.2.1 [yes]: Please specify the reverse zone name [2.0.192.in-addr.arpa.]: Using reverse zone(s) 2.0.192.in-addr.arpa.Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteUsing IdM to manage reverse zones is optional. You can use an external DNS service for this purpose instead.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}