To help create and configure a suitable DNS setup, the IdM installation script creates a sample zone file. During the installation, IdM displays a message similar to the following:
Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
If a DNS server is already configured in the network, then the configuration in the IdM-generated file can be added to the existing DNS zone file. This allows IdM clients to find the LDAP and Kerberos servers (the IdM servers) through DNS service discovery. For example, this DNS zone configuration is created for an IdM server with the KDC and DNS servers all on the same machine in the EXAMPLE.COM realm:
Example 17.1. Default IdM DNS File
; ldap servers
_ldap._tcp IN SRV 0 100 389 ipaserver.example.com.
_kerberos IN TXT EXAMPLE.COM
; kerberos servers
_kerberos._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos._udp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._udp IN SRV 0 100 88 ipaserver.example.com.
_kpasswd._tcp IN SRV 0 100 464 ipaserver.example.com.
_kpasswd._udp IN SRV 0 100 464 ipaserver.example.com.
If DNS services are hosted by a server outside the IdM domain, then an administrator can add the lines in Example 17.1, “Default IdM DNS File” to the existing DNS zone file. This allows IdM clients and servers to continue to use DNS service discovery to find the LDAP and Kerberos servers (meaning, the IdM servers) that are required for them to participate in the IdM domain.
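Before merging the generated fragment into an existing zone, it is worth checking that every SRV and TXT record the clients rely on is actually present and points at the expected port, since a missing or mistyped record silently breaks service discovery for the whole domain. The following Python script is an added example and is not part of the IdM documentation or the IdM project; it embeds the Example 17.1 fragment as constructed sample input, parses the SRV and TXT records, and reports anything that would prevent discovery. The expected-port table, the function names and the relative-owner-name assumption (records written relative to the zone origin, as in the sample) are this example's own choices.

```python
"""Check an IdM sample zone fragment for the SRV/TXT records that clients need."""
import re
from collections import defaultdict

# Constructed sample input: the fragment shown in Example 17.1, embedded inline so
# the check runs offline. In practice, read /tmp/sample.zone.<random>.db instead.
SAMPLE_ZONE = """\
; ldap servers
_ldap._tcp IN SRV 0 100 389 ipaserver.example.com.
_kerberos IN TXT EXAMPLE.COM
; kerberos servers
_kerberos._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos._udp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._udp IN SRV 0 100 88 ipaserver.example.com.
_kpasswd._tcp IN SRV 0 100 464 ipaserver.example.com.
_kpasswd._udp IN SRV 0 100 464 ipaserver.example.com.
"""

# Service owner names and the port each must advertise (taken from the sample above).
EXPECTED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
}

# Owner, optional TTL, class IN, then SRV priority/weight/port/target or a TXT value.
SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")
TXT_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+"?([^"]+)"?$')


def parse_zone(text):
    """Return ({owner: [(priority, weight, port, target), ...]}, {owner: txt_value})."""
    srv = defaultdict(list)
    txt = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = SRV_RE.match(line)
        if m:
            owner, prio, weight, port, target = m.groups()
            srv[owner].append((int(prio), int(weight), int(port), target))
            continue
        m = TXT_RE.match(line)
        if m:
            txt[m.group(1)] = m.group(2)
    return dict(srv), txt


def check_zone(text, realm):
    """Return a list of problems; an empty list means every record clients need is present."""
    srv, txt = parse_zone(text)
    problems = []
    for owner, port in EXPECTED_SRV.items():
        records = srv.get(owner, [])
        if not records:
            problems.append(f"missing SRV record for {owner}")
            continue
        for _, _, rport, target in records:
            if rport != port:
                problems.append(f"{owner} points at port {rport}, expected {port}")
            if not target.endswith("."):
                problems.append(f"{owner} target {target} is not fully qualified")
    if txt.get("_kerberos") != realm:
        problems.append(
            f"_kerberos TXT record must name realm {realm}, found {txt.get('_kerberos')}")
    return problems


def pick_targets(records):
    """Order SRV targets as a client would try them: lowest priority first, then
    higher weight first within a priority (deterministic, no weighted random pick)."""
    return [target for _, _, _, target in sorted(records, key=lambda r: (r[0], -r[1]))]


if __name__ == "__main__":
    issues = check_zone(SAMPLE_ZONE, "EXAMPLE.COM")
    print("zone fragment OK" if not issues else "\n".join(issues))
    print("LDAP servers in order:", pick_targets(parse_zone(SAMPLE_ZONE)[0]["_ldap._tcp"]))
```

Run it against the real generated file by replacing `SAMPLE_ZONE` with the file's contents and passing the realm the installer reported; when the existing zone stores absolute owner names (for example `_ldap._tcp.example.com.`), strip the origin before lookup or extend `EXPECTED_SRV` accordingly.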