You don’t need to set up a DNS server or Route 53 Zone; you can use the 
Route 53 Resolver. It allows a conditional forwarder for any domain you wish and 
you can point it straight at an IPA DNS server.
It’s built in to AWS: 
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-getting-started.html
 + https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html
 (Announcement: 
https://aws.amazon.com/blogs/aws/new-amazon-route-53-resolver-for-hybrid-clouds/
 ) and works great with IPA and even MS AD.

John

> On 23 May 2019, at 18:53, Stepan Vardanyan via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> After a lot of replies I see that using VPN tunnels to reach servers is the 
> best option.
> 
> But there is a DNS issue also. 
> I see two options with a private zone (both are unwanted for us):
> - set up DNS forwarding to our private DNS server in each AWS account (using 
> bind9 for example);
> - create a zone in Route53 with the exact same domain name and populate it with 
> the actual SRV records (this one is pretty ugly).
> So, what about using a public DNS domain in FreeIPA (say ipa.example.com)?
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
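
The conditional forwarder described in the reply above, sketched with the AWS CLI as an added example that is not part of the original thread. It assumes the AWS CLI is configured for the account; the VPC, subnet and security-group IDs are placeholders and the IPA server addresses are constructed, with `ipa.example.com` taken from the quoted question.

```shell
#!/bin/sh
# Added example. Every ID and IP address below is a constructed placeholder.
IPA_DOMAIN="ipa.example.com"       # only this zone is forwarded (name from the thread)
IPA_DNS_IPS="10.0.0.10 10.0.0.11"  # constructed IPA DNS server addresses
VPC_ID="vpc-PLACEHOLDER"
SUBNET_A="subnet-PLACEHOLDER-A"
SUBNET_B="subnet-PLACEHOLDER-B"
SG_ID="sg-PLACEHOLDER"             # egress limited to 53/tcp and 53/udp towards the IPA servers

# Turn "ip1 ip2" into "Ip=ip1,Port=53 Ip=ip2,Port=53" for --target-ips.
target_ips() {
    out=""
    for ip in $1; do out="${out}${out:+ }Ip=${ip},Port=53"; done
    printf '%s\n' "$out"
}

create_outbound_endpoint() {
    aws route53resolver create-resolver-endpoint \
        --creator-request-id "ipa-out-$(date +%s)" --name ipa-outbound \
        --direction OUTBOUND --security-group-ids "$SG_ID" \
        --ip-addresses "SubnetId=$SUBNET_A" "SubnetId=$SUBNET_B" \
        --query 'ResolverEndpoint.Id' --output text
}

wait_operational() {  # $1 = endpoint id; poll for up to about 5 minutes
    n=0
    while [ "$n" -lt 30 ]; do
        s=$(aws route53resolver get-resolver-endpoint --resolver-endpoint-id "$1" \
            --query 'ResolverEndpoint.Status' --output text)
        [ "$s" = "OPERATIONAL" ] && return 0
        n=$((n + 1)); sleep 10
    done
    return 1
}

create_forward_rule() {  # $1 = outbound endpoint id
    # target_ips output is left unquoted on purpose: one argument per server.
    aws route53resolver create-resolver-rule \
        --creator-request-id "ipa-rule-$(date +%s)" --name ipa-forward \
        --rule-type FORWARD --domain-name "$IPA_DOMAIN" \
        --resolver-endpoint-id "$1" --target-ips $(target_ips "$IPA_DNS_IPS") \
        --query 'ResolverRule.Id' --output text
}

if [ "${1:-}" = "apply" ]; then  # nothing is created unless run as: script apply
    endpoint_id=$(create_outbound_endpoint) || exit 1
    wait_operational "$endpoint_id" || exit 1
    rule_id=$(create_forward_rule "$endpoint_id") || exit 1
    aws route53resolver associate-resolver-rule --name ipa-forward-assoc \
        --resolver-rule-id "$rule_id" --vpc-id "$VPC_ID"
fi
```

Scoping the rule to the IPA domain alone keeps every other lookup on the VPC's default resolver, and the security group on the outbound endpoint is the place to restrict DNS traffic to the IPA servers.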
