[Freeipa-users] basic question on DNS configuration

Roberto Cornacchia roberto.cornacchia at gmail.com
Tue Feb 3 12:20:21 UTC 2015


Hi guys,

I can't wait to get freeIPA installed in our small enterprise, but I'd
first like to get a couple of basic things straight.

My first doubt is about the DNS configuration. Currently, we use a setting
that I guess is rather common for small enterprises:

We own an example.com domain which is managed by the DNS of an external
provider.

A couple of subdomains point to public IP addresses outside our local
network (e.g. www.example.com is hosted at our internet provider,
server1.example.com points at a server hosted in a datacenter, etc).

All the remaining subdomains (*.example.com) point at one IP which
corresponds to our local router.
Then we use some simple forwarding rules to forward on to machines that are
behind the router (service1.example.com, desktop1.example.com,
desktop2.example.com, etc).

Internally, because the enterprise is rather small, we are not using a DNS,
but simply /etc/hosts files on each machine. When they can't resolve
whatever.example.com, then the request goes to the external DNS.

(sorry about the long-ish background information, probably this
configuration is commonly named somehow, but I don't know how)

Now, a first simple question for you guys would be:
When installing freeIPA, with DNS, is the network configuration above still
advisable? Can there be any problem? Or should I rather use a different
domain for the internal network (I would really NOT like this option, but
I'm very interested to know why I should, if that is the case).


A second basic question is:
Would you see any potential problem in installing freeIPA on a FC21 Server
which currently hosts Atlassian Jira + Atlassian Stash (therefore git
repositories) + the required mysql databases?
My guess would be that they would not interfere, as:
- httpd (and related ports) is currently unused
- Both Jira and Stash use their own tomcat installation on custom ports
- mysql shouldn't be a problem?
- The machine isn't overloaded at all (4-5 developers use those services)

Am I overlooking something? Obviously I'd rather have a dedicated freeIPA
server, but if the above mentioned coexistence isn't a problem, then this
would be more cost-effective.

Thank you very much for your help, I'm looking forward to this upgrade.
Roberto