from:"Michael ORourke via FreeIPA\-users"

[Freeipa-users] Re: Is it possible to put all replicas in a LAN (use mesh VPN) and selectively expose some nodes to internet?

2017-11-23 Thread Michael ORourke via FreeIPA-users

servers, external being the dedicated DNS servers. -Mike On 11/22/2017 9:51 AM, James Swineson via FreeIPA-users wrote: Thanks. So I guess it is assumed safe to expose FreeIPA to Internet? This would make everything easier. 2017-11-22 22:42 GMT+08:00 Michael ORourke via FreeIPA-users <free

[Freeipa-users] Re: Is it possible to put all replicas in a LAN (use mesh VPN) and selectively expose some nodes to internet?

2017-11-22 Thread Michael ORourke via FreeIPA-users

What I would do is perhaps replicate the zones onto dedicated DNS servers (not FreeIPA), or run a "split-brain" DNS which has dedicated DNS servers that has a smaller subset of records that are exposed to the Internet. -Mike On 11/22/2017 4:21 AM, James Swineson via FreeIPA-users wrote: