assembly_configuring-external-idm-dns.adoc

Configuring {ProductName} with External IdM DNS

When {ProjectServer} adds a DNS record for a host, it first determines which {SmartProxy} is providing DNS for that domain. It then communicates with the {SmartProxy} that is configured to provide DNS service for your deployment and adds the record. The hosts are not involved in this process. Therefore, you must install and configure the IdM client on the {Project} or {SmartProxy} that is currently configured to provide a DNS service for the domain you want to manage using the IdM server.

{ProductName} can be configured to use a Red Hat Identity Management (IdM) server to provide DNS service. For more information about Red Hat Identity Management, see the Linux Domain Identity, Authentication, and Policy Guide.

To configure {ProductName} to use a Red Hat Identity Management (IdM) server to provide DNS service, use one of the following procedures:

• [configuring-dynamic-dns-update-with-gss-tsig-authentication_{context}]

• [configuring-dynamic-dns-update-with-tsig-authentication_{context}]

To revert to internal DNS service, use the following procedure:

• [reverting-to-internal-dns-service_{context}]

Note

You are not required to use {ProductName} to manage DNS. When you are using the realm enrollment feature of {Project}, where provisioned hosts are enrolled automatically to IdM, the ipa-client-install script creates DNS records for the client. Configuring {ProductName} with external IdM DNS and realm enrollment are mutually exclusive. For more information about configuring realm enrollment, see {InstallingServerDocURL}External_Authentication_for_Provisioned_Hosts_{project-context}[External Authentication for Provisioned Hosts] in {InstallingServerDocTitle}.

modules/proc_configuring-dynamic-dns-update-with-gss-tsig-authentication.adoc

modules/proc_configuring-dynamic-dns-update-with-tsig-authentication.adoc

modules/proc_reverting-to-internal-dns-service.adoc