The DNS service is optional for FreeIPA to work.
If you need to register devices in the FreeIPA domain, the DNS service becomes worthwhile.
The freeipa-server package must already be installed.
Install the service package:
# dnf install freeipa-server-dns -y
Configure the DNS service in FreeIPA:
# ipa-dns-install --forwarder 10.1.10.1 --auto-reverse
The log file for this installation can be found in /var/log/ipaserver-dns-install.log
==============================================================================
This program will setup DNS for the IPA Server.
This includes:
* Configure DNS (bind)
* Configure SoftHSM (required by DNSSEC)
* Configure ipa-dnskeysyncd (required by DNSSEC)
NOTE: DNSSEC zone signing is not enabled by default
To accept the default shown in brackets, press the Enter key.
Checking DNS forwarders, please wait ...
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring DNS (named)
[1/12]: generating rndc key file
[2/12]: adding DNS container
.....
[7/7]: configuring ipa-dnskeysyncd to start on boot
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
Updating DNS system records
==============================================================================
Setup complete
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files
You must make sure these network ports are open:
TCP Ports:
* 53: bind
UDP Ports:
* 53: bind
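
The following is an added example, not part of the original page or of FreeIPA itself: it reads the port summary printed at the end of ipa-dns-install, prints the commands that open exactly those ports, and reports any required port with no listener. It assumes firewalld is the host firewall and that listener data comes from `ss -H -lntu`; both sample inputs, including the address 10.1.10.5, are constructed.

```shell
#!/bin/sh
# Added example (not FreeIPA code). SAMPLE is constructed from the installer
# summary shown above; SS_SAMPLE is constructed `ss -H -lntu` output.
SAMPLE='You must make sure these network ports are open:
TCP Ports:
* 53: bind
UDP Ports:
* 53: bind'
SS_SAMPLE='udp UNCONN 0 0 127.0.0.1:5353 0.0.0.0:*
tcp LISTEN 0 10 10.1.10.5:53 0.0.0.0:*'

# Print one "port/proto" line per port listed in the summary read from stdin.
required_ports() {
    awk '
        /^[ \t]*TCP Ports:/ { proto = "tcp"; next }
        /^[ \t]*UDP Ports:/ { proto = "udp"; next }
        proto != "" && /^[ \t]*\*[ \t]*[0-9]+:/ {
            port = $0
            sub(/^[ \t]*\*[ \t]*/, "", port)   # drop the "* " bullet
            sub(/:.*/, "", port)               # drop ": bind"
            print port "/" proto
        }'
}

# Print (do not run) the firewalld commands that open only those ports.
firewall_commands() {
    required_ports | sort -u | while read -r p; do
        printf 'firewall-cmd --permanent --add-port=%s\n' "$p"
    done
    echo 'firewall-cmd --reload'
}

# stdin: required "port/proto" lines; $1: `ss -H -lntu` output.
# Print every required port that has no matching listening socket.
missing_listeners() {
    while read -r want; do
        port=${want%/*}; proto=${want#*/}
        printf '%s\n' "$1" | awk -v p="$port" -v t="$proto" '
            $1 == t && $5 ~ (":" p "$") { found = 1 }
            END { exit !found }' || echo "$want"
    done
}

printf '%s\n' "$SAMPLE" | firewall_commands
printf '%s\n' "$SAMPLE" | required_ports | missing_listeners "$SS_SAMPLE"
```

With the constructed listener sample, 53/udp is reported as missing because the only UDP socket is bound to port 5353.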