Hi You could host split view dns so as to only give responses to queries from certain (your) IP addresses, thus hiding your private DNS information from general public queries.
Similarly yet more succinctly, you could use a subdomain and delegate the DNS for that to a private IP in your network, again using a split view so that the delegation is only resolvable from certain (your) IPs. This way your private DNS records are fully internal (your DNS server) under a subdomain. I've not yet done this myself but have considered this kind of setup (subdomain delegation) for some future company DNS implementation. Regards Angus ________________________________ From: Dave Mintz via FreeIPA-users <[email protected]> Sent: Sunday, 26 December 2021, 8:16 pm To: [email protected] Cc: Dave Mintz Subject: [Freeipa-users] DNS and FreeIPA Hello, I have been trying to set up FreeIPA on an internal CentOS 8 server. I was successful in getting it running, I set up DNS for internal queries. It worked. However, when I tried to set up SSL certs I ran into issue. My question is this: I own a legitimate domain. It is not “hosted”. I have no intention of exposing any of my internal servers to the Internet. How do I go about configuring the DNS at my registrar so that when I configure my internal servers, including FreeIPA, DNS, SSL, email, etc., any requests that go out to the Internet will resolve correctly? Any help or pointers to documentation would be greatly appreciated. Dave _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=04%7C01%7C%7C735a8328373c4dfc788008d9c8a442ee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637761430092157142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OIXNMzv4ONJhUpVRA2khEvypcSDQ7Oa%2B6fVqwEaLmmg%3D&reserved=0 List Guidelines: https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=04%7C01%7C%7C735a8328373c4dfc788008d9c8a442ee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637761430092157142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=3SMuHPmrKA4vVO6KA%2FnCasNRt7Ss%2Bvnx8AbuhNs5XrY%3D&reserved=0 List Archives: https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&data=04%7C01%7C%7C735a8328373c4dfc788008d9c8a442ee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637761430092157142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=S3Yb%2FyHNtCDe2otDl3kh1jjUrCOYS8gqstXOeGYMBKI%3D&reserved=0 Do not reply to spam on the list, report it: https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpagure.io%2Ffedora-infrastructure&data=04%7C01%7C%7C735a8328373c4dfc788008d9c8a442ee%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637761430092157142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=1r8hEHzDR1Pppe46r8CR4IeCfaTtqQ%2Fv5RBAXn90w04%3D&reserved=0
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
