James,
IMHO, I would not expose the FreeIPA hosts to Internet traffic, but
rather keep them behind the firewall. Then set up dedicated DNS servers
that allow traffic from the Internet and set them up to do a zone copy
or run a split-brain DNS (internal/external). Internal being the FreeIPA
Thanks. So I guess it is assumed safe to expose FreeIPA to the Internet? This
would make everything easier.
2017-11-22 22:42 GMT+08:00 Michael ORourke via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> What I would do is perhaps replicate the zones onto dedicated DNS servers
> (not
What I would do is perhaps replicate the zones onto dedicated DNS
servers (not FreeIPA), or run a "split-brain" DNS which has dedicated
DNS servers that have a smaller subset of records that are exposed to the
Internet.
-Mike
On 11/22/2017 4:21 AM, James Swineson via FreeIPA-users wrote: