Hi, I'm planning a fresh FreeIPA installation across multiple datacenters and offices. Concerned about the risk of DNS DDoS, I wanted to put most nodes in a mesh VPN so they can replicate without exposing ports to the internet. However, I still need some services over the internet. So can I set up every node just using IP addresses defined in the VPN, but leave some nodes open on the Internet? Will it work? Is there any hostname-based check? And if it works, do I need to set up two completely different sets of DNS records used in the LAN and WAN?
Thanks, James Swineson