Bug
Resolution: Done
Major
9.x
rhel-sst-ccs
Red Hat Enterprise Linux
CCS 2025-13, CCS 2025-14, CCS 2025-15
Document link: [Installing Identity Management | Red Hat Enterprise Linux | 8 | Red Hat Documentation|https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/installing_identity_management/index#proc_installing-a-client-by-using-user-credentials-interactive-installation_assembly_installing-an-idm-client]
[Installing Identity Management | Red Hat Enterprise Linux | 9 | Red Hat Documentation|https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/installing_identity_management/index#proc_installing-a-client-by-using-user-credentials-interactive-installation_assembly_installing-an-idm-client]
[Installing Identity Management | Red Hat Enterprise Linux | 10 | Red Hat Documentation|https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html-single/installing_identity_management/index#proc_installing-a-client-by-using-user-credentials-interactive-installation_assembly_installing-an-idm-client]
Section number and name: 14.2. Installing a client by using user credentials: Interactive installation
Describe the issue:
I construed the wording of 14.2's Procedure step 1, on adding --enable-dns-updates, as meaning there are 4 cases in which to use the --enable-dns-updates command. However, according to Red Hat Case 04164276, which I opened about it, this option should only be used when "The IdM server the client will be enrolled with was installed with integrated DNS" or "The DNS server on the network accepts DNS entry updates with the GSS-TSIG protocol", and the "is useful if your client" lines of "has a dynamic IP address issued using the Dynamic Host Configuration Protocol" or "has a static IP address but it has just been allocated and the IdM server does not know about it" are not additional reasons to enable it, just an explanation as to why in the previous two cases you would want to enable it.
However, the wording of why it is useful, "has a dynamic IP address issued using the Dynamic Host Configuration Protocol", had me thinking that it should always be enabled if the IdM client is a DHCP client, and not only when the first two conditions are in play.
In addition to that, the Red Hat support staff member states that even if one of the two conditions that this applies to applied to my situation, it is optional and that some customers still prefer not to implement it.
Impact of this issue:
The extra "Enabling DNS updates is useful if your client" wording followed by "has a dynamic IP address issued using the Dynamic Host Configuration Protocol" led me into unnecessarily enabling this feature on a client that is using a completely separate DHCP server setup that is not running the GSS-TSIG protocol, when it does not need to be enabled.
Suggestions for improvement:
I really have no clue how to reword the wording including "has a dynamic IP address issued using the Dynamic Host Configuration Protocol" or "has a static IP address but it has just been allocated and the IdM server does not know about it" without making the document confusing or possibly even wrong, but here is a try at it.
Additionally, other than knowing this does not apply to my situation, I don't feel confident I truly understand this, as I would think if the Integrated DHCP was truly integrated, the communication of hostnames to IP address would occur within the IdM server products and not rely on the client to be configured to pass the information that the IdM server set and replicated to the other IdM servers via the backend replication.
So, based on my interpretation of the RHEL ticket I opened, it might be clearer if
“Add the --enable-dns-updates option to update the DNS records with the IP address of the client system if either of the following conditions applies:
- The IdM server the client will be enrolled with was installed with integrated DNS
- The DNS server on the network accepts DNS entry updates with the GSS-TSIG protocol
- ipa-client-install --enable-dns-updates --mkhomedir
Enabling DNS updates is useful if your client:
- has a dynamic IP address issued using the Dynamic Host Configuration Protocol
- has a static IP address but it has just been allocated and the IdM server does not know about it"
were changed to something like:
“If your client will be enrolled with an IdM server that was installed with integrated DNS, or if the DNS server on the network accepts DNS entry updates with the GSS-TSIG protocol, and you prefer to have the IP address and hostname registered in IdM, you may optionally add the --enable-dns-updates option to update the DNS records with the IP address of the client system, so that IdM knows what IP the Integrated IdM DHCP server issues or if the client “has a static IP address but it has just been allocated and the IdM server does not know about it”
Note: If you are running an external DNS server/s that do not support GSS-TSIG and are not converting over to running the IdM integrated DNS server, you should not enable this option!
- ipa-client-install --enable-dns-updates --mkhomedir