-- On May 21, 2014, at 8:17 , Petr Spacek <[email protected]> wrote: > Hello, > > On 21.5.2014 13:31, Davis Goodman wrote: >> ldapsearch -D "cn=Directory Manager” -W -LLL -x -b >> cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int"" > > Please note that domain shadowing/hijacking/name collisions are *strongly* > discouraged. > > You *should not* use domain names you don't own. (According to > http://www.iana.org/cgi-bin/intreg/intreg.pl > domain name 'ddistrict.int' is not registered. Policy for .int registration > is on http://www.iana.org/domains/int/policy) > > It will cause problems with DNSSEC and it also prevents you from accessing > resources on Internet under the colliding name. > > > I guess that you want to have an internal sub-tree in DNS. > The recommended practice is to use sub-domain of your public (properly > registered) domain. E.g.: > > 'int.digital-district.ca' > or even shorter > 'i.digital-district.ca' > > I hope this will help you to avoid serious problems in the future. > > Have a nice day! > > -- > Petr^2 Spacek > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users Hi Peter, Gee, I didn’t even know the .int was a public suffix domain. I guess we’re kind of stuck now with it now but It’s good to know. Thanks for the info. Davis Goodman Directeur Informatique | IT Manager 5605 Avenue de Gaspé, Suite 408 | Montréal, QC H2T 2A4 Tél: +1 (514) 360-3253 x104 Cell: +1 (514) 994-7360
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
