Description of problem:
Some of the environments need to ensure that clients from given physical locations only contact IdM servers from that site, as authentication to IdM servers in other sites is too expensive and causes authentication delays.
IdM Server does support DNS locations, as documented in . The default means of configuring the support on the IdM client side is via the ipa_enable_dns_sites setting. However, ipa_enable_dns_sites will only work reliably if the DNS server that a client is using supports queries to "_location.<client hostname>", which is only supported by the IdM DNS service (bind-dyndb-ldap). This RFE is a request to have a configuration that will also support environments with non-IdM DNS resolvers.
A *workaround* can be configuring "dns_discovery_domain" and pinning it to "<site>._locations.<ipa-domain>", where <site> is the configured IdM Server Location for that given site.
A proposed solution could be the ability to define "ipa_site = <site>", similar to the existing "ad_site" setting, that would pin SSSD to use DNS SRV records from <site>._locations.<ipa-domain>.
 ipa_enable_dns_sites (boolean)
Enables DNS sites - location based service discovery.
If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, then the SSSD will first attempt location based discovery using a query that contains "_location.hostname.example.com" and then fall back to traditional SRV discovery. If the location based discovery succeeds, the IPA servers located with the location based discovery are treated as primary servers and the IPA servers located using the traditional SRV discovery are used as backup servers.
 dns_discovery_domain (string)
If service discovery is used in the back end, specifies the domain part of the service discovery DNS query.
Default: Use the domain part of machine's hostname
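The following is an added, constructed model of the discovery order the man page text above describes, together with the dns_discovery_domain workaround and the proposed (non-existent) ipa_site option from the description. It is not SSSD's code. It assumes the location-based query is an SRV lookup under "_location.<client fqdn>", it assumes the zone data shown (a hypothetical "example.com" domain with "berlin" and "prague" locations), and it models a third-party resolver as one that carries the ordinary and "_locations" SRV records but cannot answer the per-client "_location" query.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Srv:
    """One SRV record (RFC 2782 fields)."""
    priority: int
    weight: int
    port: int
    target: str


Resolver = Callable[[str], List[Srv]]

# Constructed zone data (assumption) for a hypothetical IdM domain "example.com"
# with two server locations, "berlin" and "prague". The location-specific SRV
# sets rank the local server first (priority 0) and the remote one lower; the
# plain domain-wide set carries no location affinity at all.
ZONE: Dict[str, List[Srv]] = {
    "_ldap._tcp.example.com": [
        Srv(0, 100, 389, "ipa-prg.example.com"),
        Srv(0, 100, 389, "ipa-ber.example.com"),
    ],
    "_ldap._tcp.berlin._locations.example.com": [
        Srv(0, 100, 389, "ipa-ber.example.com"),
        Srv(50, 100, 389, "ipa-prg.example.com"),
    ],
    "_ldap._tcp.prague._locations.example.com": [
        Srv(0, 100, 389, "ipa-prg.example.com"),
        Srv(50, 100, 389, "ipa-ber.example.com"),
    ],
    # Per-client answer that only the IdM DNS service (bind-dyndb-ldap) can
    # synthesise; client1 is assumed to sit in the "berlin" location.
    "_ldap._tcp._location.client1.example.com": [
        Srv(0, 100, 389, "ipa-ber.example.com"),
        Srv(50, 100, 389, "ipa-prg.example.com"),
    ],
}


def idm_dns(name: str) -> List[Srv]:
    """Resolver backed by the IdM DNS service: answers everything in ZONE."""
    return list(ZONE.get(name, []))


def third_party_dns(name: str) -> List[Srv]:
    """Resolver with the static SRV records replicated but no support for the
    per-client "_location.<hostname>" query: that lookup comes back empty."""
    if "._location." in name:
        return []
    return list(ZONE.get(name, []))


def order_srv(records: List[Srv]) -> List[str]:
    """Lower priority first; within one priority, higher weight first."""
    return [r.target for r in sorted(records, key=lambda r: (r.priority, -r.weight))]


def discover_ldap_servers(
    hostname: str,
    ipa_domain: str,
    resolver: Resolver,
    ipa_enable_dns_sites: bool = True,
    dns_discovery_domain: Optional[str] = None,
    ipa_site: Optional[str] = None,
) -> Tuple[List[str], List[str]]:
    """Return (primary, backup) server lists in the man-page order:
    location-based SRV lookup first, traditional SRV lookup as fallback.

    ipa_site is the hypothetical option proposed in the RFE (it does not exist
    in SSSD); here it simply pins the discovery domain to
    "<site>._locations.<ipa-domain>", which is exactly what the
    dns_discovery_domain workaround does by hand.
    """
    if ipa_site:
        domain = f"{ipa_site}._locations.{ipa_domain}"
    else:
        domain = dns_discovery_domain or ipa_domain

    primary: List[str] = []
    if ipa_enable_dns_sites:
        # Assumed shape of the location-based query: "_location.<client fqdn>".
        primary = order_srv(resolver(f"_ldap._tcp._location.{hostname}"))
    traditional = order_srv(resolver(f"_ldap._tcp.{domain}"))

    if primary:
        # Location-based discovery succeeded: those servers are primary,
        # the traditional answer is kept as backup.
        return primary, traditional
    # Location-based discovery failed or is disabled: fall back entirely.
    return traditional, []


if __name__ == "__main__":
    client, dom = "client1.example.com", "example.com"
    print("IdM DNS:              ", discover_ldap_servers(client, dom, idm_dns))
    print("3rd-party DNS:        ", discover_ldap_servers(client, dom, third_party_dns))
    print("3rd-party, workaround:", discover_ldap_servers(
        client, dom, third_party_dns, dns_discovery_domain=f"berlin._locations.{dom}"))
    print("3rd-party, ipa_site:  ", discover_ldap_servers(
        client, dom, third_party_dns, ipa_site="berlin"))
```

With the IdM resolver the location query wins and the local server comes first; with the third-party resolver the location query is empty, the client silently falls back to the domain-wide records and may pick a remote server. Pinning dns_discovery_domain (or the proposed ipa_site) restores the site ordering without any per-client DNS support, which is the point of the RFE. A practical check on a real client is whether the resolver returns anything for the "_location.<client hostname>" query; if it does not, only the pinning workaround keeps clients on their local site.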
I'm closing this RFE since there is no customer case attached and we currently don't have an understanding of what the customers' needs and environments are.