On 29.6.2015 18:33, Matt . wrote: > Hi Petr, > > No problem at all! I can remove/move things easily... but this > splitbrain really makes these 2 networks standing on their own, which > is what I need. > > Both are provisioned but not all the same. It gives me the flexibility > we need, that's why it's not difficult to move, as it's flexible at > the moment.
Yeah, you can get most flexibility by using two separate domains for each network, possibly on two separate servers :-) Let us know if you need further assistance. Petr^2 Spacek > 2015-06-29 18:26 GMT+02:00 Petr Spacek <pspa...@redhat.com>: >> On 29.6.2015 18:22, Matt . wrote: >>> Hi, >>> >>> Because it can happen that hostnames are used twice, but one for each >>> network. >>> >>> This sounds a little bit odd, but it has something todo with hostnames >>> that are needed, public names and internal names. But as both networks >>> have their own DNS servers, some records are just not provisioned so >>> need to be added manually to the non-managed server. >> >> Okay, so you basically wants 'DNS views'. There is only once advice about >> that: "Do not do that" :-) >> >> I would highly recommend you to read and follow following articles: >> >> http://www.freeipa.org/page/Deployment_Recommendations#DNS >> http://www.freeipa.org/page/DNS#Internal-only_domains >> >> Sure, in already deployed network it is not easy but be assured that getting >> rid of DNS views/split-brain DNS it will save you a lot of headaches in the >> long term. >> >> I'm sorry for uncomforting answers... >> >> Petr Spacek @ Red Hat >> >>> 2015-06-29 17:11 GMT+02:00 Petr Spacek <pspa...@redhat.com>: >>>> On 29.6.2015 16:10, Matt . wrote: >>>>> Hi Petr, >>>>> >>>>> Yes I understand why this is "not possible". The idea was to have a >>>>> managed DNS server from scripting and one for "other usage" by clients >>>>> who only need to know about the "unknown" records on Server1, this as >>>>> it should forward most and only do specific local lookups. >>>>> >>>>> Your subdomain solution might be something if I want to go this way. >>>> >>>> I still do not understand the use case. Why not let scripts to modify >>>> records >>>> on one single server? >>>> >>>> -- >>>> Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project