0

I am preparing a server infrastructure consisting of MySQL, LDAP, PHP and FTP.

All servers have static public and private (LAN) IPs. Now, while configuring SSL, I am facing a problem with FQDNs.

For connecting all servers, should I use direct IP addresses or FQDNs? Are FQDNs secure for internal purposes? How can I use them?

For example, ldap.mysite.com, mysql.mysite.com or ftp.mysite.com. On the other side, I can directly use the 100.xxx.yyy.zzz IP address of ldap.mysite.com (for PHP connectivity).

(I absolutely don't want anyone to know subdomains or any internal structure.)

surfnerd

3 Answers

3

It all depends on your DNS infrastructure. Is it steady, reliable and secure enough to meet your criteria? If it is, you should use FQDN everywhere. It will be of a great help anytime you need to migrate a part of the infrastructure.

marc99
  • If the DNS infrastructure isn't solid enough then I think the answer is still "use FQDN". And fix the DNS infrastructure. – Rob Moir Feb 23 '14 at 09:40
  • Yeah. It is not that hard to get a very reliable and free public DNS service. Broken infrastructure should really be fixed, not just patched up in a blocking way. – TomTom Feb 24 '14 at 06:15
  • Yep, I was thinking in that direction only. Is passing a local IP in public DNS common practice or not? I don't want to transfer data over the internet; all servers are linked internally. – surfnerd Feb 24 '14 at 18:27
  • Should we create a private DNS architecture or get Cloudflare or another public DNS with an SLA? – surfnerd Feb 24 '14 at 18:31
2

FQDN is the more flexible solution, as you can change the IP address in just one place, DNS, without needing to change anything on the client side.

ALex_hha
0

If you need SSL connectivity for several subdomains, you can install a wildcard SSL certificate for *.mysite.com.

Tero Kilkanen
  • Yeah, my exact findings. I am planning to get wildcard SSL and pass it to all servers. Our current architecture is all based on self-signed certificates. FQDN is one more step toward a CA. – surfnerd Feb 24 '14 at 18:30
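
How the wildcard certificate from the last answer interacts with the FQDN-versus-IP choice in the question, as an added example that is not part of the original posts: a simplified version of the name check a TLS client performs (RFC 6125 style). The function names, the three-label minimum for wildcards and the 10.0.0.12 address are assumptions constructed for illustration.

```python
import ipaddress

def is_ip(host):
    """True if the connection target is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """'*' may only be the whole left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification: refuse over-broad wildcards such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns, san_ips, target):
    """Would a certificate with these subjectAltName entries verify for target?"""
    if is_ip(target):
        # IP targets are compared only with iPAddress entries, never DNS names,
        # so a wildcard certificate alone cannot validate a connection by IP.
        addr = ipaddress.ip_address(target)
        return any(addr == ipaddress.ip_address(ip) for ip in san_ips)
    return any(dns_name_matches(p, target) for p in san_dns)

# Constructed sample: the wildcard from the answer, hostnames from the question,
# plus a hypothetical private address and a deeper subdomain.
WILDCARD_SAN = ["*.mysite.com"]
TARGETS = ["ldap.mysite.com", "mysql.mysite.com", "mysite.com",
           "db.internal.mysite.com", "10.0.0.12"]

def coverage_report(san_dns, san_ips, targets):
    """Map each target to whether verification would succeed."""
    return {t: cert_covers(san_dns, san_ips, t) for t in targets}

if __name__ == "__main__":
    for target, ok in coverage_report(WILDCARD_SAN, [], TARGETS).items():
        print(f"{target:26} {'verifies' if ok else 'REJECTED'}")
```

A client that connects by IP to a server presenting only `*.mysite.com` fails verification unless checking is turned off, which removes the protection TLS was meant to provide; connecting by FQDN keeps verification on.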