Hi,
I was not able to reproduce this issue:

# ipa host-add myhost.ipa.test --ip-address $IP
# ipa dnsrecord-find ipa.test
>> shows myhost.ipa.test has been added

# ipa host-add-principal myhost host/myalias.ipa.test
# ipa dnsrecord-find ipa.test
>> no new record added

DNS records are added when the command "ipa host-add --ip-address" is used, when a host is joined with ipa-client-install, or when "ipa dnsrecord-add" is called. You can check in /var/log/httpd/error_log if you find a trace of such a command.

flo

On Mon, Sep 13, 2021 at 1:46 PM Buckley Ross via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Hello,

I'm trying to provision an HTTP service principal for a containerized service. The host on which the container is running also has a kerberized HTTP service running on it with a separate service principal (both services are highly critical, but for different systems, and thus should probably have separate keytabs).

Since both services share an IP address (but are serving HTTP on different ports), this seemed like a perfect application of Kerberos host aliases. However, when I provisioned a host alias with `ipa host-add-principal myHost host/myAlias.domain.com`, I found that no DNS records were provisioned for `myAlias.domain.com`, thus making the alias completely useless for resolving to the container. Is this a bug in the host-alias system, or am I missing something?

Thank you for your time.

Thank you,
Buckley Ross
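
Added example, not part of either message above and not FreeIPA's own code: a small parser that scans API log lines from /var/log/httpd/error_log for successful calls that create DNS records (host_add with an IP address, or dnsrecord_add), while calls such as host_add_principal are ignored. The log line layout, the function names and the sample lines are assumptions constructed for illustration; records created during ipa-client-install are not covered.

```python
import re

# Assumed layout of a FreeIPA API log line in /var/log/httpd/error_log:
# [<time>] ... ipa: INFO: [<context>] <principal>: <command>/<n>(<args>): <result>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?ipa: INFO: \[[^\]]+\] "
    r"(?P<principal>\S+): (?P<cmd>\w+)/\d+\((?P<args>.*)\): (?P<result>\w+)\s*$"
)

def creates_dns_record(cmd, args):
    """True for the API calls the reply names as creating DNS records."""
    if cmd == "dnsrecord_add":
        return True
    # host_add only touches DNS when --ip-address was passed.
    return cmd == "host_add" and "ip_address=" in args

def find_dns_creating_calls(lines):
    """Return (timestamp, principal, command) for successful matching calls."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["result"] == "SUCCESS" and creates_dns_record(m["cmd"], m["args"]):
            hits.append((m["ts"], m["principal"], m["cmd"]))
    return hits

# Constructed sample lines (not taken from a real server).
P = ("[wsgi:error] [pid 2201:tid 2305] [remote 192.0.2.10:51234] "
     "ipa: INFO: [jsonserver_session] admin@IPA.TEST: ")
SAMPLE = [
    "[Mon Sep 13 13:40:02.100000 2021] " + P
    + "host_add/1('myhost.ipa.test', ip_address='192.0.2.20', version='2.245'): SUCCESS",
    "[Mon Sep 13 13:41:10.200000 2021] " + P
    + "host_add_principal/1('myhost.ipa.test', ('host/myalias.ipa.test',), version='2.245'): SUCCESS",
    "[Mon Sep 13 13:42:00.300000 2021] " + P
    + "host_add/1('other.ipa.test', force=True, version='2.245'): SUCCESS",
    "[Mon Sep 13 13:43:30.400000 2021] " + P
    + "dnsrecord_add/1('ipa.test.', 'myalias', a_part_ip_address='192.0.2.20', version='2.245'): SUCCESS",
    "[Mon Sep 13 13:44:00.500000 2021] " + P
    + "host_add/1('myhost.ipa.test', ip_address='192.0.2.20', version='2.245'): DuplicateEntry",
    "[Mon Sep 13 13:45:00.600000 2021] [ssl:warn] [pid 2201:tid 2305] unrelated httpd message",
]

if __name__ == "__main__":
    for ts, who, cmd in find_dns_creating_calls(SAMPLE):
        print(ts, who, cmd)
```
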