
I'll get straight into it.

We are testing FreeIPA for centralized auth and (local) DNS; however, we would like to use our TLD company.com, as these are internet-facing servers and the applications require a resolvable FQDN.

We already use Dyn for managed DNS; however, we want to use local DNS for faster resolution for server-to-server communication when using FQDNs. Will this cause an issue if we have both DNS servers set up for company.com? (The local DNS will only be available for OUR servers to use.) The docs are slightly confusing.

Thanks in advance.

D.Nygate

1 Answer


You can deploy FreeIPA without the integrated DNS server. You would be responsible for managing the DNS entries, and upon installation you'll find a sample BIND zone file in /tmp that has all the entries you need to add to your DNS server manually.

The FreeIPA integrated DNS server does not support the functionality of views (to split internal/external views), and it does not support being a slave to another DNS server.

You need to choose which DNS server is responsible for your zone, as in DNS there cannot be two primary sources for the same zone.

abbra
  • Hi abbra, thanks for the reply. My issue is that I still want to use the integrated DNS so all my servers can query locally (the DNS will only be available locally) and still keep the DYN managed DNS for everyone outside the network. Is this not possible at all? – D.Nygate Oct 22 '15 at 06:23
  • While you can do what you want with your own local network, this is not recommended -- not by FreeIPA alone but by general DNS deployment recommendations, as it ruins one of the main principles of the DNS hierarchy -- there should be a single authority to handle a particular DNS zone. The FreeIPA team has put some DNS-related recommendations here: http://www.freeipa.org/page/DNS; look at the 'Caveats' part, in particular. – abbra Oct 22 '15 at 07:10
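The answer above describes two practical tasks for the "no integrated DNS" route: copying the entries from the sample zone file into the managed (Dyn) zone by hand, and making sure only one server holds the SOA for company.com. The following script is an added example, not FreeIPA's own code or anything from the thread's authors. It parses a small BIND-style zone fragment in the shape of that sample file (the record names, addresses and SOA values below are constructed for the example, modelled on the SRV/TXT/A entries a FreeIPA realm relies on), diffs it against a constructed snapshot of what the external zone currently serves, and flags the case where two snapshots both claim to be primary for the same apex.

```python
"""Check the records a FreeIPA realm needs against what a managed zone serves.

Added example, not FreeIPA's own code. All zone data below is constructed.
"""
import re
from collections import defaultdict

# Constructed fragment in the shape of the sample zone file ipa-server-install
# leaves under /tmp when installed without integrated DNS. Not a real file.
IPA_SAMPLE_ZONE = """\
; ldap servers
_ldap._tcp.company.com.            IN SRV 0 100 389 ipa.company.com.
; kerberos realm
_kerberos.company.com.             IN TXT "COMPANY.COM"
_kerberos._tcp.company.com.        IN SRV 0 100 88  ipa.company.com.
_kerberos._udp.company.com.        IN SRV 0 100 88  ipa.company.com.
_kerberos-master._tcp.company.com. IN SRV 0 100 88  ipa.company.com.
_kpasswd._tcp.company.com.         IN SRV 0 100 464 ipa.company.com.
_kpasswd._udp.company.com.         IN SRV 0 100 464 ipa.company.com.
; CA and server A records
ipa-ca.company.com.                IN A   192.0.2.10
ipa.company.com.                   IN A   192.0.2.10
"""

# Constructed snapshot of what the managed (external) zone serves today:
# some entries were never copied, and ipa-ca points at a stale address.
EXTERNAL_ZONE = """\
company.com.                IN SOA ns1.dns-provider.invalid. hostmaster.company.com. 2015102201 3600 900 1209600 300
ipa.company.com.            IN A   192.0.2.10
_ldap._tcp.company.com.     IN SRV 0 100 389 ipa.company.com.
_kerberos._tcp.company.com. IN SRV 0 100 88  ipa.company.com.
ipa-ca.company.com.         IN A   192.0.2.99
"""

# Constructed snapshot of an integrated FreeIPA DNS made primary for the same
# apex: the "two primaries for one zone" situation the answer warns against.
INTERNAL_ZONE = """\
company.com.     IN SOA ipa.company.com. hostmaster.company.com. 2015102205 3600 900 1209600 300
ipa.company.com. IN A   192.0.2.10
"""

# owner [ttl] IN type rdata  (class assumed IN; optional numeric TTL)
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)$")


def parse_zone(text):
    """Map (owner, type) -> set of normalised rdata strings.

    Comments starting with ';' are stripped; TXT data containing ';' is not
    handled, which is fine for the record shapes used here.
    """
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        match = RECORD_RE.match(line)
        if not match:
            raise ValueError(f"unparsed zone line: {raw!r}")
        owner, rtype, rdata = match.groups()
        records[(owner.lower(), rtype.upper())].add(" ".join(rdata.split()))
    return records


def diff_zones(required, served):
    """Return (missing, mismatched).

    missing: (owner, type) keys from `required` that `served` lacks entirely.
    mismatched: keys present in both whose rdata sets differ, as
    (key, sorted required rdata, sorted served rdata).
    """
    missing, mismatched = [], []
    for key, rdata in sorted(required.items()):
        if key not in served:
            missing.append(key)
        elif served[key] != rdata:
            mismatched.append((key, sorted(rdata), sorted(served[key])))
    return missing, mismatched


def conflicting_authorities(*zones):
    """Apex names for which more than one snapshot carries an SOA record,
    i.e. more than one server believes it is primary for that zone."""
    owners = defaultdict(int)
    for zone in zones:
        for owner, rtype in zone:
            if rtype == "SOA":
                owners[owner] += 1
    return sorted(owner for owner, count in owners.items() if count > 1)


if __name__ == "__main__":
    required = parse_zone(IPA_SAMPLE_ZONE)
    served = parse_zone(EXTERNAL_ZONE)
    missing, mismatched = diff_zones(required, served)
    for owner, rtype in missing:
        print(f"MISSING   {rtype:4} {owner}")
    for (owner, rtype), want, have in mismatched:
        print(f"MISMATCH  {rtype:4} {owner}: want {want}, have {have}")
    for apex in conflicting_authorities(parse_zone(INTERNAL_ZONE), served):
        print(f"CONFLICT  two SOA holders for {apex}")
```

Run it as-is to see the report for the constructed data; to use it for real, replace the three string constants with the actual sample file and `dig`/zone-transfer output from each server. The diff only confirms that the records FreeIPA asked for were copied correctly into the managed zone; the SOA check is the quick way to spot that a second server has been made primary for the same apex, which is the configuration the answer recommends against.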