I'm planning a FreeIPA fresh installation across multiple datacenters and
offices. Concerned about the risk of DNS DDoS, I wanted to put most nodes
in a mesh VPN so they can replicate without exposing ports to the internet.
However, I still need some services over the internet. So can I set up every
node using only IP addresses defined in the VPN, but leave some nodes open on
the Internet? Will it work? Is there any hostname-based check? And if it works,
do I need to set up 2 completely different sets of DNS records, one used in the
LAN and one in the WAN?

James Swineson
