Thanks. So I guess it is assumed safe to expose FreeIPA to Internet? This
would make everything easier.
2017-11-22 22:42 GMT+08:00 Michael ORourke via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> What I would do is perhaps replicate the zones onto dedicated DNS servers
> (not FreeIPA), or run a "split-brain" DNS which has dedicated DNS servers
> that has a smaller subset of records that are exposed to the Internet.
>
> -Mike
>
> On 11/22/2017 4:21 AM, James Swineson via FreeIPA-users wrote:
>
> Hi,
>
> I'm planning a FreeIPA fresh installation across multiple datacenters and
> offices. Concerned about the risk of DNS DDoS, I wanted to make most nodes
> in a mesh VPN so they can replicate without exposing ports to internet.
> However, I still need some services over internet. So can I set up every
> node just using IP addresses defined in VPN, but leave some nodes open on
> Internet? Will it work? Is there any hostname based check? And if it works,
> do I need to set up completely different 2 sets of DNS records used in LAN
> and WAN?
>
> Thanks,
> James Swineson
>
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org