29.5. Installing an IdM replica configured to use eDNS
You can install an IdM replica with eDNS in an environment where the IdM server has DoT enabled.
When you install the replica with the integrated DNS service, the replica uses the same configuration as the IdM server. It runs BIND to handle incoming DNS queries, including encrypted queries, and uses unbound for outgoing encrypted DNS traffic.
When you install the replica without the integrated DNS service, the replica inherits the client-side configuration. It uses unbound with a DoT forwarder to send encrypted DNS queries to the IdM DNS server.
Prerequisites
- Review the steps outlined in Preparing the system for an IdM replica installation.
- For enforced DoT, complete the steps in Configuring client and replica systems to use DoT exclusively.
- Ensure the ipa-client-encrypted-dns and ipa-server-encrypted-dns packages are installed.
Procedure
1. Add the dns-over-tls service to the system firewall to open port 853/TCP for DoT traffic:
   # firewall-cmd --add-service=dns-over-tls
2. Depending on whether you want the replica to manage DNS records, choose one of the following:
   - To install an IdM replica with integrated DNS:
     # ipa-replica-install --setup-dns --dns-over-tls --dot-forwarder <server_ip>#<dns_server_hostname>
   - To install an IdM replica without integrated DNS:
     # ipa-replica-install --dns-over-tls
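A pre-flight script for the procedure above, added here as an example and not part of the IdM documentation or the ipa tooling: it validates the <server_ip>#<dns_server_hostname> form of the --dot-forwarder value, checks that both encrypted-DNS packages are installed, and checks that dns-over-tls is in the active firewall zone before you run ipa-replica-install. The function names and the "preflight" entry point are assumptions of this example.

```shell
#!/bin/bash
# Pre-flight checks before "ipa-replica-install --dns-over-tls".
# Added example; not the IdM documentation's or the ipa project's own code.

# Validate a --dot-forwarder value of the form <server_ip>#<dns_server_hostname>.
# Prints "ip hostname" on success; returns 1 on a malformed value.
parse_dot_forwarder() {
    local spec="$1" ip host octet
    case "$spec" in
        *'#'*) ;;                          # a '#' separator is mandatory
        *) return 1 ;;
    esac
    ip="${spec%%#*}"
    host="${spec#*#}"
    [ -n "$ip" ] && [ -n "$host" ] || return 1
    case "$host" in *'#'*) return 1 ;; esac   # more than one '#' is malformed
    # Accept a dotted-quad IPv4 address (octets 0-255) or an IPv6 literal.
    if printf '%s' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        for octet in $(printf '%s' "$ip" | tr '.' ' '); do
            [ "$octet" -le 255 ] || return 1
        done
    elif ! printf '%s' "$ip" | grep -Eq '^[0-9A-Fa-f:]+$'; then
        return 1
    fi
    printf '%s %s\n' "$ip" "$host"
}

# Return 0 when "dns-over-tls" is among the space-separated firewalld
# services in $1 (the output of "firewall-cmd --list-services").
firewall_has_dot() {
    local svc
    for svc in $1; do
        [ "$svc" = dns-over-tls ] && return 0
    done
    return 1
}

# Live checks against this host; runs only when invoked as "preflight <spec>".
preflight() {
    local spec="$1" rc=0 pkg
    parse_dot_forwarder "$spec" >/dev/null || { echo "bad --dot-forwarder value: $spec" >&2; rc=1; }
    for pkg in ipa-client-encrypted-dns ipa-server-encrypted-dns; do
        rpm -q "$pkg" >/dev/null 2>&1 || { echo "missing package: $pkg" >&2; rc=1; }
    done
    firewall_has_dot "$(firewall-cmd --list-services 2>/dev/null)" \
        || { echo "dns-over-tls is not in the active firewall zone" >&2; rc=1; }
    return $rc
}

if [ "${1:-}" = preflight ]; then preflight "$2"; fi
```

Run it as "./preflight.sh preflight 192.0.2.10#dns.idm.example.com" on the prospective replica; a non-zero exit lists what to fix before installing.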
Verification
On the IdM server, list all replicas in the topology:
# ipa-replica-manage list-ruv