On 5.7.2013 17:59, Schmitt, Christian wrote:
Yeah, I know that feature, but when I have a view I need to declare two
zone files (I need to create one by hand and the other will get created
by the ipa-dns). That's not exactly what I'm looking for, since some sites
shall be the same on both sites, like domain.tld and www.domain.tld are the
same on both sites. But domain.tld is also a FreeIPA domain and
intra.domain.tld should only be routed through clients, but stash.domain.tld
and jira.domain.tld should have both so that it is accessible through the
internet but the local clients should use the local IPs.
Isn't there a delegate-like feature? Or even a feature in FreeIPA that lets
me delegate some entries only to internal hosts?

2013/7/5 Anthony Messina <amess...@messinet.com>

On Friday, July 05, 2013 04:18:37 PM Schmitt, Christian wrote:
Btw., are there any tips for having a second nameserver (public) that just
gives out the important/public hosts? Or is there a good way of having a
domain configured twice? Like the internal IP for IPA users and the
external IP for the people outside of the internal firewall?

Unrelated to FreeIPA, BIND has support for views, which may accomplish this
task for you:


FreeIPA doesn't support BIND views.

The simplest way to serve some records only to the internal network but not to the public Internet is this:
1. create public zone example.com, fill it with shared (public + internal)
2. create internal zone 'in.example.com', configure zone delegation from example.com (NS+A records), add 'internal only' records
3. configure internal zone 'in.example.com' to accept queries only from internal network ($ ipa dnszone-mod in.example.com --allow-query=';')

I believe that this solves the basic use case.

Petr^2 Spacek

Freeipa-users mailing list
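
An added example, not part of the original messages and not FreeIPA or BIND code: a simplified Python model of the three steps in the reply above, showing which queries a server hosting both zones answers once the internal zone's allow-query list is restricted. The network 10.0.0.0/8, the host names and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data. Zone names follow the message; the allow-query
# network, host names and addresses are assumptions for illustration.
ZONES = {
    "example.com.": {
        "allow_query": None,                      # None: answer any client
        "records": {"www.example.com.": "203.0.113.10"},
    },
    "in.example.com.": {
        "allow_query": "10.0.0.0/8;",             # semicolon-separated list
        "records": {"intra.in.example.com.": "10.1.2.3"},
    },
}

def parse_allow_query(value):
    """Turn a 'net1;net2;' style list into ip_network objects."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(";") if p.strip()]

def find_zone(qname, zones):
    """Return the most specific hosted zone that encloses qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):                  # longest suffix first
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def answer(qname, client_ip, zones=ZONES):
    """Model the reply: record data, 'NXDOMAIN', or 'REFUSED'."""
    name = qname.lower().rstrip(".") + "."
    zone = find_zone(name, zones)
    if zone is None:
        return "REFUSED"                          # not authoritative here
    acl = zones[zone]["allow_query"]
    if acl is not None:
        client = ipaddress.ip_address(client_ip)
        if not any(client in net for net in parse_allow_query(acl)):
            return "REFUSED"                      # zone ACL rejects client
    return zones[zone]["records"].get(name, "NXDOMAIN")

if __name__ == "__main__":
    for ip in ("198.51.100.7", "10.9.9.9"):       # outside vs. inside client
        for q in ("www.example.com", "intra.in.example.com"):
            print(ip, q, answer(q, ip))
```

Because the ACL is evaluated on the most specific matching zone, an outside client is refused for everything at or below in.example.com, including the zone apex, while records kept in example.com stay visible to everyone.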
