Pieter, 
If you are comfortable with duplicating your external records internally, you 
CAN use this domain, however I've always preferred to have internal only and 
external only domains (we actually register domains externally that are 
internal use only). So, for example, lautus.net is your external domain; for 
internal you could use a subdomain like ipa.lautus.net or lautus.tech. 

Split DNS isn't wrong, but it never makes things easier. Your SRV records would 
only need to be duplicated if your users are @lautus.net and not 
@ipa.lautus.net or @ad.lautus.net. 

I hope this helps. This is all general DNS infrastructure, so you could also 
check out any other resources on domain/forest infrastructure 
recommendations. 

Good Luck, 

Jacob 

From: "Pieter Nagel" <pie...@lautus.net> 
To: "freeipa-users" <freeipa-users@redhat.com> 
Sent: Wednesday, December 7, 2016 8:33:41 AM 
Subject: Re: [Freeipa-users] Still unclear about relation between IPA DNS domain and company DNS domain. 

Thanks, that helps a lot. 

Yes and no. What you see with "@ NS ..." is a glue record -- you are 
supposed to have a glue record for IPA domain in the upstream domain, 
this is how domain delegation works in DNS world. 

Except what I saw was the other way around. The FreeIPA server has an NS record 
claiming that it is authoritative for the parent domain, but its parent domain is 
hosted at dnsmadeeasy: 

~ dig @8.8.8.8 -t NS lautus.net 
lautus.net.        86399   IN   NS   ns15.dnsmadeeasy.com. 
~ dig @8.8.8.8 -t NS ipa.lautus.net 
ipa.lautus.net.    86399   IN   NS   ipa-hetzner-cpt4-01.lautus.net. 

But as far as the FreeIPA DNS is concerned, it is authoritative for everything: 

~ dig @ipa-hetzner-cpt4-01.lautus.net -t NS lautus.net 
lautus.net.        86400   IN   NS   ipa-hetzner-cpt4-01.lautus.net. 
~ dig @ipa-hetzner-cpt4-01.lautus.net -t NS ipa.lautus.net 
ipa.lautus.net.    86400   IN   NS   ipa-hetzner-cpt4-01.lautus.net. 

-- 
Pieter Nagel 
Lautus Solutions (Pty) Ltd 
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng 
0832587540 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
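The thread's dig output shows the two views that matter when judging a FreeIPA DNS setup: what the public resolver says about the delegation of lautus.net and ipa.lautus.net, and what the IPA server itself answers for the same zones. The following is an added example, not code from the thread or from the FreeIPA project. It parses dig-style NS answer lines (the samples are constructed from the output quoted above) and classifies each zone the internal server answers for as consistent with the public delegation, shadowed (the split-DNS case Jacob describes, where every public record has to be mirrored internally), partially overlapping, or internal-only. The zone names and status labels are the example's own choices, not FreeIPA terminology.

```python
"""Compare NS delegations seen via a public resolver with those served by an
internal (FreeIPA) DNS server, and flag zones the internal server answers for
authoritatively although the public delegation points elsewhere.

Added example (not from the mailing-list thread). Input is dig answer-section
text; the samples are constructed from the output quoted in the thread.
"""
from collections import defaultdict

# Constructed sample: answers from the public resolver (8.8.8.8 in the thread).
PUBLIC_VIEW = """\
lautus.net.        86399   IN   NS   ns15.dnsmadeeasy.com.
ipa.lautus.net.    86399   IN   NS   ipa-hetzner-cpt4-01.lautus.net.
"""

# Constructed sample: the same questions answered by the FreeIPA server itself.
IPA_VIEW = """\
lautus.net.        86400   IN   NS   ipa-hetzner-cpt4-01.lautus.net.
ipa.lautus.net.    86400   IN   NS   ipa-hetzner-cpt4-01.lautus.net.
"""


def parse_ns_answers(text):
    """Parse dig-style answer lines into {zone: set(nameserver)}.

    Comments (after ';'), blank lines and records other than NS are skipped.
    Owner and target names are lower-cased and the trailing dot removed so
    that views from different servers compare cleanly.
    """
    zones = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        # Full form: owner TTL class type rdata; some tools omit class or TTL,
        # in which case the type is the third field instead of the fourth.
        rtype = fields[3] if len(fields) >= 5 else fields[2]
        if rtype.upper() != "NS":
            continue
        owner = fields[0].lower().rstrip(".")
        target = fields[-1].lower().rstrip(".")
        zones[owner].add(target)
    return dict(zones)


def classify_delegations(public, internal):
    """Classify every zone the internal server answers for.

    consistent      public and internal NS sets are identical
    partial-overlap some, but not all, nameservers agree
    shadowed        internal server claims the zone, public delegation
                    points elsewhere (split DNS; external records must be
                    duplicated internally to keep resolution working)
    internal-only   no public delegation exists for the zone at all
    """
    status = {}
    for zone, internal_ns in internal.items():
        public_ns = public.get(zone)
        if public_ns is None:
            status[zone] = "internal-only"
        elif public_ns == internal_ns:
            status[zone] = "consistent"
        elif public_ns & internal_ns:
            status[zone] = "partial-overlap"
        else:
            status[zone] = "shadowed"
    return status


def report(public_text, internal_text):
    """Return one human-readable line per zone, sorted by zone name."""
    status = classify_delegations(parse_ns_answers(public_text),
                                  parse_ns_answers(internal_text))
    return ["%-20s %s" % (zone, state) for zone, state in sorted(status.items())]


if __name__ == "__main__":
    for line in report(PUBLIC_VIEW, IPA_VIEW):
        print(line)
```

Run against the thread's data, lautus.net comes out as shadowed (the IPA server names itself as NS while the public delegation names ns15.dnsmadeeasy.com) and ipa.lautus.net as consistent, which is exactly the asymmetry Pieter observed. The check is a one-off diagnostic; to use it on live data, feed it the answer sections of dig queries against the public resolver and against each IPA replica.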