[Freeipa-users] be aware of name collision problem
Petr Spacek
pspacek at redhat.com
Wed May 21 12:17:32 UTC 2014
Hello,
On 21.5.2014 13:31, Davis Goodman wrote:
> ldapsearch -D "cn=Directory Manager" -W -LLL -x -b
> cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int""
Please note that domain shadowing/hijacking/name collisions are *strongly*
discouraged.
You *should not* use domain names you don't own. (According to
http://www.iana.org/cgi-bin/intreg/intreg.pl
the domain name 'ddistrict.int' is not registered. The policy for .int registration is
at http://www.iana.org/domains/int/policy)
It will cause problems with DNSSEC and it also prevents you from accessing
resources on the Internet under the colliding name.
I guess that you want to have an internal sub-tree in DNS.
The recommended practice is to use a sub-domain of your public (properly
registered) domain. E.g.:
'int.digital-district.ca'
or even shorter
'i.digital-district.ca'
I hope this will help you to avoid serious problems in the future.
Have a nice day!
--
Petr^2 Spacek