-- 





On May 21, 2014, at 8:17 , Petr Spacek <pspa...@redhat.com> wrote:

> Hello,
> 
> On 21.5.2014 13:31, Davis Goodman wrote:
>> ldapsearch -D "cn=Directory Manager” -W -LLL -x -b
>> cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int""
> 
> Please note that domain shadowing/hijacking/name collisions are *strongly* 
> discouraged.
> 
> You *should not* use domain names you don't own. (According to
> http://www.iana.org/cgi-bin/intreg/intreg.pl
> domain name 'ddistrict.int' is not registered. Policy for .int registration 
> is on http://www.iana.org/domains/int/policy)
> 
> It will cause problems with DNSSEC and it also prevents you from accessing 
> resources on Internet under the colliding name.
> 
> 
> I guess that you want to have an internal sub-tree in DNS.
> The recommended practice is to use sub-domain of your public (properly 
> registered) domain. E.g.:
> 
> 'int.digital-district.ca'
> or even shorter
> 'i.digital-district.ca'
> 
> I hope this will help you to avoid serious problems in the future.
> 
> Have a nice day!
> 
> -- 
> Petr^2 Spacek
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Peter,

Gee, I didn’t even know the .int was a public suffix domain. I guess we’re kind 
of stuck now with it now but It’s good to know.

Thanks for the info.



Davis Goodman
Directeur Informatique  |  IT Manager

5605 Avenue de Gaspé, Suite 408  |  Montréal, QC H2T 2A4 
Tél: +1 (514) 360-3253 x104            Cell: +1 (514) 994-7360 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to