IPA server should be able to make sure DNS records about itself are correct. When IPA server is started and it gets a new IP address, it should be able to put that IP address into the DNS zone for other machines (clients) to find it.
We can use dyndns_update and dyndns_update_ptr of SSSD but IPA server also sets ipa-ca hostname, and if the IPA server is a DNS server, its IP address also needs to be updated in the parent zones. Plus, the IPA server might not want to publish its internal IP addresses but IP addresses under which it can be reached by clients -- public IP address in case of AWS, host IP address in case of containers with -p.
In containers we do a trivial update of the A record with the ability to be passed an external IP address in the IPA_SERVER_IP environment variable.
But it seems not sufficient as noted in https://github.com/adelton/docker-freeipa/issues/51 and having some utility to do these DNS updates, maintained by the FreeIPA upstream, would be of great help.
There is https://fedorahosted.org/sssd/ticket/2871 ([RFE] split out DNS code into separate binary/out of SSSD) which could be base/part of this utility.
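As an added illustration (not code from FreeIPA, SSSD or docker-freeipa), here is a POSIX shell helper that builds an nsupdate batch for the two records named above: the server's own A record, and the shared ipa-ca name that lists every CA-enabled replica. The published address is taken from IPA_SERVER_IP when it is set, otherwise from the address passed in, and a malformed value is rejected before anything is sent. The zone and host names, the TTL, and the `nsupdate -g` (GSS-TSIG) invocation in the comment are assumptions; PTR records and glue/delegation records in the parent zone are not covered.

```shell
#!/bin/sh
# Added example, not FreeIPA/docker-freeipa code. Builds an nsupdate batch that
# publishes one address for the server's own A record and for ipa-ca.<zone>.
# Hostnames, zone and TTL below are assumed values for illustration.

# valid_ipv4 ADDR: dotted-quad sanity check so a garbage value never reaches DNS.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# choose_ip HOST_IP: prefer the externally reachable IPA_SERVER_IP when it is
# set (AWS public address, container host address); fall back to HOST_IP.
choose_ip() {
    if [ -n "${IPA_SERVER_IP:-}" ]; then
        valid_ipv4 "$IPA_SERVER_IP" || return 1
        echo "$IPA_SERVER_IP"
    else
        valid_ipv4 "$1" || return 1
        echo "$1"
    fi
}

# build_update FQDN ZONE IP [OLD_IP]: print the nsupdate batch on stdout.
# The host's own A record is replaced wholesale. ipa-ca is shared with other
# replicas, so only this server's previous address (OLD_IP, if known) is
# removed from it and the new address is added alongside the others.
build_update() {
    fqdn=$1; zone=$2; ip=$3; old_ip=${4:-}
    valid_ipv4 "$ip" || return 1
    printf 'zone %s.\n' "$zone"
    printf 'update delete %s. A\n' "$fqdn"
    printf 'update add %s. 1200 A %s\n' "$fqdn" "$ip"
    if [ -n "$old_ip" ]; then
        valid_ipv4 "$old_ip" || return 1
        printf 'update delete ipa-ca.%s. A %s\n' "$zone" "$old_ip"
    fi
    printf 'update add ipa-ca.%s. 1200 A %s\n' "$zone" "$ip"
    printf 'send\n'
}

# Intended use (assumed; requires a host keytab and a Kerberos ticket):
#   build_update "$(hostname -f)" example.test "$(choose_ip 10.0.0.1)" 192.0.2.5 | nsupdate -g
```

The batch is printed rather than piped directly so it can be reviewed or logged before it is handed to nsupdate; the `-g` flag signs the update with GSS-TSIG using the server's own Kerberos credentials, which is the mechanism an IPA-managed zone would be expected to accept.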
Metadata Update from @adelton:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog