On Sun, 2021-12-26 at 14:16 -0500, Dave Mintz via FreeIPA-users wrote:
> Hello,
> I have been trying to set up FreeIPA on an internal CentOS 8 server. 
> I was successful in getting it running, I set up DNS for internal
> queries.  It worked.  However, when I tried to set up SSL certs I ran
> into an issue.
> 
> My question is this:  
> I own a legitimate domain.
> It is not “hosted”.
> I have no intention of exposing any of my internal servers to the
> Internet.
> How do I go about configuring the DNS at my registrar so that when I
> configure my internal servers, including FreeIPA, DNS, SSL, email,
> etc., any requests that go out to the Internet will resolve
> correctly?
> 
> Any help or pointers to documentation would be greatly appreciated.

I have FreeIPA with DNS over several replication instances running. The
domains are, like yours, mostly internal and not meant to resolve
externally. Without a lot of boring details, you do not need to register
your TLD if you just use the domain internally. As long as the resolver
your internal hosts point to is your authoritative DNS server that
FreeIPA manages, the clients will get responses as they need.

This requires your server not to just blindly forward all DNS
externally. I have forwarding turned off on my domains. This means when
a client requests a public DNS address, the BIND server managed by
FreeIPA will do an NS lookup to see where the request needs to be sent.
It's not 1.1.1.1 or similar services doing that. This works great for a
small network where your domain is 100% internal.

You can have an external NS too, and it can provide very different
answers. Perhaps you just want MX to resolve externally, but an ocean of
internal addresses should not. If someone outside your network tries to
resolve an address, they will hit the external resolver (not managed by
FreeIPA!) and only resolve what it knows about.
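
A way to verify the behaviour described in the reply above, added here as an example and not part of the original message: the FreeIPA-managed BIND should answer internal names authoritatively (the `aa` flag), answer public names through its own recursion rather than a forwarder (`ra` set, no `aa`), and refuse recursion to clients it does not serve. The `dig` header blocks below are constructed samples, not real captures; `check_name` is a hypothetical helper that runs `dig` against a server of your choosing.

```sh
#!/bin/sh
# Classify a dig response from its ";; ->>HEADER<<-" and ";; flags:" lines:
#   authoritative - aa flag set: the zone FreeIPA manages answered directly
#   recursive     - no aa, ra set: BIND resolved it itself (NS walk or forwarder)
#   refused       - REFUSED: this client is not allowed recursion here
#   failed        - SERVFAIL or anything unexpected
classify_dig() {
  status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n1)
  flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n1)
  case "$status" in
    NOERROR|NXDOMAIN) ;;
    REFUSED) echo refused; return 0 ;;
    *) echo failed; return 0 ;;
  esac
  case " $flags " in
    *" aa "*) echo authoritative ;;
    *" ra "*) echo recursive ;;
    *) echo nonauth-norecursion ;;
  esac
}

# Live check (hypothetical helper, needs dig from bind-utils): check_name <server> <name>
# Expect "authoritative" for a name in your IPA zone and "recursive" for a public name.
check_name() {
  classify_dig "$(dig @"$1" "$2" A +noall +comments 2>/dev/null)"
}

# Constructed sample headers standing in for three dig runs.
INTERNAL_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
PUBLIC_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
REFUSED_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

classify_dig "$INTERNAL_ANSWER"   # authoritative
classify_dig "$PUBLIC_ANSWER"     # recursive
classify_dig "$REFUSED_ANSWER"    # refused
```

If a public name comes back "refused" or "failed" from inside your network, the server is neither recursing nor forwarding, which is the gap this setup has to cover.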
