1ipa-dns-install(1) IPA Manual Pages ipa-dns-install(1)
2
3
4
6 ipa-dns-install - Add DNS as a service to an IPA server
7
9 ipa-dns-install [OPTION]...
10
12 Configure an integrated DNS server on this IPA server, create DNS zone
13 with the name of the IPA primary DNS domain, and fill it in with ser‐
14 vice records necessary for IPA deployment. In cases where the IPA
15 server name does not belong to the primary DNS domain and is not
16 resolvable using DNS, create a DNS zone containing the IPA server name
17 as well.
18
19 IPA provides an integrated DNS server which can be used to simplify IPA
20 deployment. If you decide to use it, IPA will automatically maintain
21 SRV and other service records when you change your topology.
22
23 The DNS component in IPA is optional and you may choose to manage all
24 your DNS records manually on another third party DNS server. IPA DNS is
25 not a general-purpose DNS server. If you need advanced features like
26 DNS views, do not deploy IPA DNS.
27
28 This command requires that an IPA server is already installed and con‐
29 figured.
30
31
33 -d, --debug
34 Enable debug logging when more verbose output is needed
35
36 --ip-address=IP_ADDRESS
37 The IP address of the IPA server. If not provided then this is
38 determined based on the hostname of the server. This option can
39 be used multiple times to specify more IP addresses of the
40 server (e.g. multihomed and/or dualstacked server).
41
42 --forwarder=FORWARDER
43 A forwarder is a DNS server where queries for a specific
44 non-resolvable address can be directed. To define multiple for‐
45 warders use multiple instances of --forwarder
46
47 --no-forwarders
48 Do not add any DNS forwarders, send non-resolvable addresses to
49 the DNS root servers.
50
51 --auto-forwarders
52 Add DNS forwarders configured in /etc/resolv.conf to the list of
53 forwarders used by IPA DNS.
54
55 --forward-policy=first|only
56 DNS forwarding policy for global forwarders specified using
57 other options. Defaults to first if no IP address belonging to
58 a private or reserved ranges is detected on local interfaces
59 (RFC 6303). Defaults to only if a private IP address is
60 detected.
61
62 --reverse-zone=REVERSE_ZONE
63 The reverse DNS zone to use. This option can be used multiple
64 times to specify multiple reverse zones.
65
66 --no-reverse
67 Do not create new reverse DNS zone. If used on a replica and a
68 reverse DNS zone already exists for the subnet, it will be used.
69
70 --auto-reverse
71 Try to resolve reverse records and reverse zones for server IP
72 addresses and if neither is resolvable creates these reverse
73 zones.
74
75 --no-dnssec-validation
76 Disable DNSSEC validation on this server.
77
78 --dnssec-master
79 Setup server to be DNSSEC key master.
80
81 --disable-dnssec-master
82 Disable the DNSSEC master on this server.
83
84 --kasp-db=KASP_DB
85 Copy OpenDNSSEC metadata from the specified kasp.db file. This
86 will not create a new kasp.db file.
87
88 --zonemgr
89 The e-mail address of the DNS zone manager. Defaults to hostmas‐
90 ter@DOMAIN
91
92 --allow-zone-overlap
93 Allow creatin of (reverse) zone even if the zone is already
94 resolvable. Using this option is discouraged as it result in
95 later problems with domain name resolution.
96
97 -U, --unattended
98 An unattended installation that will never prompt for user input
99
101 -p DM_PASSWORD, --ds-password=DM_PASSWORD
102 The password to be used by the Directory Server for the Direc‐
103 tory Manager user
104
106 0 if the installation was successful
107
108 1 if an error occurred
109
110
111
112IPA Jun 28, 2012 ipa-dns-install(1)