On Fri, 2020-09-18 at 16:55 -0300, Andreas Hasenack wrote:
Hi,
I'm verifying under which conditions sssd will perform successful dns
updates on a DNS server backed by AD.
In this scenario, I have a standalone computer that obviously has an IP,
but no DNS record yet. My goal was to have the join process
also add a DNS record for this computer.
After tracing calls to nsupdate, it looks like what sssd does is use
the output of `hostname -f`, and I don't see a fault with that
reasoning, except that to have that return an fqdn I need either to be
in DNS already, or hack /etc/hosts. Otherwise, it sends the short name
with a dot suffix, and that won't be accepted:
update delete g-client1. in A
update add g-client1. 3600 in A 10.51.0.8
send
update delete g-client1. in AAAA
send
I was wondering if sssd couldn't assume that the domain part is the
same as the realm? I understand there might be many considerations
here, like multiple domains, forests, etc., and maybe that's why this
isn't done. But perhaps there is a way to have the simple case work?
Or is there a config option I missed?
The other trick I see is to set the hostname to the fqdn, so that
`hostname` returns the full thing. It's not technically correct I
suppose, but gets the job done. Is that what people also do?

Yes, I think so. I did that a number of years ago and I think some dists. already do
that by default.
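As an added illustration of the failure mode described above (not code from sssd or from anyone in this thread), the shell snippet below reproduces the two steps involved: deciding which name to register, and emitting the nsupdate batch. The `fqdn_for_update` helper applies the heuristic Andreas asks about, appending the lowercased realm when `hostname -f` returns only a short name, so that the batch carries `g-client1.example.com.` instead of the bare `g-client1.` that the server rejects. The host name, realm, address and TTL are constructed inputs chosen for this example; sssd itself obtains the host name from the system, not from these arguments.

```shell
#!/bin/sh
# Added example, not sssd's implementation. All inputs are constructed.

# Print the name to register in DNS.
#   $1 = what `hostname -f` returned (may be just the short name)
#   $2 = Kerberos realm, e.g. EXAMPLE.COM (assumed to equal the DNS domain)
# A name that already contains a dot is kept as-is; a short name gets the
# lowercased realm appended. A trailing dot on the input is stripped first.
fqdn_for_update() {
    host=${1%.}
    case "$host" in
        *.*)
            printf '%s\n' "$host"
            ;;
        *)
            domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
            printf '%s.%s\n' "$host" "$domain"
            ;;
    esac
}

# Return 0 if the name has at least one label after the host part, i.e. it
# would not produce the rejected "g-client1." form seen in the thread.
is_fqdn() {
    case "${1%.}" in
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Emit an nsupdate batch in the same shape as the one traced in the thread:
# delete the old A record, add the new one, then clear any stale AAAA.
#   $1 = fully qualified name, $2 = IPv4 address, $3 = TTL, $4 = zone (optional)
nsupdate_batch() {
    if [ -n "$4" ]; then
        printf 'zone %s\n' "$4"
    fi
    printf 'update delete %s. in A\n' "$1"
    printf 'update add %s. %s in A %s\n' "$1" "$3" "$2"
    printf 'send\n'
    printf 'update delete %s. in AAAA\n' "$1"
    printf 'send\n'
}

# Stand-alone demonstration with constructed values.
main() {
    short=g-client1              # what `hostname -f` yields with no DNS/hosts entry
    realm=EXAMPLE.COM            # constructed realm
    name=$(fqdn_for_update "$short" "$realm")
    if is_fqdn "$name"; then
        nsupdate_batch "$name" 10.51.0.8 3600
    else
        printf 'refusing to send a short name: %s\n' "$name" >&2
        return 1
    fi
}

# Only run the demo when executed directly, not when sourced for testing.
case "$0" in
    */sh|sh|*/bash|bash|*/dash|dash) ;;
    *) main ;;
esac
```

The batch can be piped straight into `nsupdate -g` on a joined host to see whether the server accepts the qualified name, which makes it a quick way to confirm that a rejected update really is a naming problem rather than a GSS-TSIG one.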