[Freeipa-users] be aware of name collision problem
Davis Goodman
davis.goodman at digital-district.ca
Wed May 21 13:46:00 UTC 2014
--
On May 21, 2014, at 8:17 , Petr Spacek <pspacek at redhat.com> wrote:
> Hello,
>
> On 21.5.2014 13:31, Davis Goodman wrote:
>> ldapsearch -D "cn=Directory Manager” -W -LLL -x -b
>> cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int""
>
> Please note that domain shadowing/hijacking/name collisions are *strongly* discouraged.
>
> You *should not* use domain names you don't own. (According to
> http://www.iana.org/cgi-bin/intreg/intreg.pl
> domain name 'ddistrict.int' is not registered. Policy for .int registration is on http://www.iana.org/domains/int/policy)
>
> It will cause problems with DNSSEC and it also prevents you from accessing resources on Internet under the colliding name.
>
>
> I guess that you want to have an internal sub-tree in DNS.
> The recommended practice is to use sub-domain of your public (properly registered) domain. E.g.:
>
> 'int.digital-district.ca'
> or even shorter
> 'i.digital-district.ca'
>
> I hope this will help you to avoid serious problems in the future.
>
> Have a nice day!
>
> --
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Peter,
Gee, I didn’t even know the .int was a public suffix domain. I guess we’re kind of stuck now with it now but It’s good to know.
Thanks for the info.
Davis Goodman
Directeur Informatique | IT Manager
5605 Avenue de Gaspé, Suite 408 | Montréal, QC H2T 2A4
Tél: +1 (514) 360-3253 x104 Cell: +1 (514) 994-7360
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140521/f6c7eb5b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_dd_small.png
Type: image/png
Size: 7313 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140521/f6c7eb5b/attachment.png>
More information about the Freeipa-users
mailing list