[Freeipa-users] Re: DNS and FreeIPA

2021-12-28 Thread Peter Larsen via FreeIPA-users
On Mon, 2021-12-27 at 19:11 -0300, Rafael Jeffman wrote: > Besides what Peter has written, let's get this warning from FreeIPA > site [1]: > > > **Avoid name collisions** > > We strongly recommend that you do not use a domain name that is not > > delegated to you, even on a private network. For ex

[Freeipa-users] Re: DNS and FreeIPA

2021-12-28 Thread Angus Clarke via FreeIPA-users
: FreeIPA users list ; Rafael Jeffman ; Peter Larsen Cc: Dave Mintz ; Angus Clarke Subject: Re: [Freeipa-users] Re: DNS and FreeIPA Hi Angus, Just be aware that maintaining parallel records is an overhead in the longer term as it's a manual process of keeping things in sync. Delegation is

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Ian Willis via FreeIPA-users
Clarke < an...@charworth.com> Subject: [Freeipa-users] Re: DNS and FreeIPA Date: Mon, 27 Dec 2021 23:26:31 + Thanks for your replies, I think I need to focus on internal resolver configuration and less on public subdomain delegation. Cheers Angus

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Angus Clarke via FreeIPA-users
. Coin Subject: [Freeipa-users] Re: DNS and FreeIPA Angus, There are two 'happy medium' approaches you can try with FreeIPA to resolve the private/public issues you mention. If you have just one or two addresses you want the public to see, get one or two 'static ips' from y

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Angus Clarke via FreeIPA-users
Thanks Ian, a lot of good pointers in there! Cheers Angus From: Ian Willis via FreeIPA-users Sent: Tuesday, December 28, 2021 12:06:52 AM To: freeipa-users@lists.fedorahosted.org Cc: Ian Willis Subject: [Freeipa-users] Re: DNS and FreeIPA Hi All, Angus you

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Angus Clarke via FreeIPA-users
; Dave Mintz Subject: Re: [Freeipa-users] Re: DNS and FreeIPA Hello Angus, Besides what Peter has written, let's get this warning from FreeIPA site [1]: > **Avoid name collisions** > We strongly recommend that you do not use a domain name that is not > delegated to you, even on a p

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Harry G. Coin via FreeIPA-users
Angus, There are two 'happy medium' approaches you can try with FreeIPA to resolve the private/public issues you mention. If you have just one or two addresses you want the public to see, get one or two 'static ips' from your ISP, set them in your registrar's setup for your name, do the rout

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Ian Willis via FreeIPA-users
ated this either. -Original Message- From: Angus Clarke via FreeIPA-users < freeipa-users@lists.fedorahosted.org> Reply-To: FreeIPA users list To: Rafael Jeffman Cc: Dave Mintz , FreeIPA users list < freeipa-users@lists.fedorahosted.org>, Peter Larsen < pe...@peterlarse

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Rafael Jeffman via FreeIPA-users
Hello Angus, Besides what Peter has written, let's get this warning from FreeIPA site [1]: > **Avoid name collisions** > We strongly recommend that you do not use a domain name that is not > delegated to you, even on a private network. For example, you should > not use domain name company.int if

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Jim Kinney via FreeIPA-users
>Angus > > > >From: Rafael Jeffman >Sent: Monday, 27 December 2021, 8:15 pm >To: Angus Clarke >Cc: FreeIPA users list; Dave Mintz; Peter Larsen >Subject: Re: [Freeipa-users] Re: DNS and FreeIPA > >Hello Angus, > >On Mon, Dec 27, 2021 at 11:31 AM Angus Clarke

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Peter Larsen via FreeIPA-users
On 12/27/21 15:27, Angus Clarke wrote: Ok let's try this: I've just registered angusclarke.com with a public DNS provider and am ready to deploy FreeIPA for my corporate network which uses a private IP space. How do I do this? This is where things get odd for me. Why are you registering a T

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Angus Clarke via FreeIPA-users
on the topic myself. Regards Angus From: Rafael Jeffman Sent: Monday, 27 December 2021, 8:15 pm To: Angus Clarke Cc: FreeIPA users list; Dave Mintz; Peter Larsen Subject: Re: [Freeipa-users] Re: DNS and FreeIPA Hello Angus, On Mon, Dec 27, 2021 at 11:31 AM Angus Clarke mailto:an...@charworth.

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Rafael Jeffman via FreeIPA-users
this helps, Rafael > Thanks > Angus > > > > > > -- > *From:* Rafael Jeffman via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> > *Sent:* Monday, 27 December 2021, 1:31 pm > *To:* FreeIPA users list > *Cc:* Dave Mint

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Peter Larsen via FreeIPA-users
On Sun, 2021-12-26 at 23:39 -0500, Dave Mintz wrote: > Thank you so much!  > Could you please elaborate on how to configure the FreeIPA DNS server > to forward only non-local-domain queries? > > In the DNS Global Configuration there is the Forward policy > Forward first > Forward only > Forwardi

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Angus Clarke via FreeIPA-users
From: Rafael Jeffman via FreeIPA-users Sent: Monday, 27 December 2021, 1:31 pm To: FreeIPA users list Cc: Dave Mintz; Peter Larsen; Rafael Jeffman Subject: [Freeipa-users] Re: DNS and FreeIPA Sorry for the top reply, but this is more an overview about all messages than a d

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Rafael Jeffman via FreeIPA-users
Sorry for the top reply, but this is more an overview about all messages than a direct answer. Everything here assumes you are using FreeIPA's integrated DNS. First, it was suggested that split view DNS is used. Don't do that, as it is not supported by FreeIPA. Use it only if you manage your own e

[Freeipa-users] Re: DNS and FreeIPA

2021-12-27 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, the various settings are explained in DNS forward policies in IdM

[Freeipa-users] Re: DNS and FreeIPA

2021-12-26 Thread Dave Mintz via FreeIPA-users
Hi Peter, Thank you so much! Could you please elaborate on how to configure the FreeIPA DNS server to forward only non-local-domain queries? In the DNS Global Configuration there is the Forward policy Forward first Forward only Forwarding disabled Which one should be used to do what you say

[Freeipa-users] Re: DNS and FreeIPA

2021-12-26 Thread Peter Larsen via FreeIPA-users
On Sun, 2021-12-26 at 14:16 -0500, Dave Mintz via FreeIPA-users wrote: > Hello, > I have been trying to set up FreeIPA on an internal CentOS 8 server.  > I was successful in getting it running, I set up DNS for internal > queries.  It worked.  However, when I tried to set up SSL certs I ran > into

[Freeipa-users] Re: DNS and FreeIPA

2021-12-26 Thread Angus Clarke via FreeIPA-users
Hi You could host split view dns so as to only give responses to queries from certain (your) IP addresses, thus hiding your private DNS information from general public queries. Similarly yet more succinctly, you could use a subdomain and delegate the DNS for that to a private IP in your networ