Pradeep KNS via FreeIPA-users wrote:
Hello Team,
While setting up FreeIPA in my Linux infrastructure, I noticed a strange warning. I would like to clarify it before rolling into production.
DNS zone alpha-grep.com. already exists in DNS and is handled by server(s): ['ns2.', 'ns1.'] Please make sure that the domain is properly delegated to this IPA server.
I have updated the detailed installation log in this link. Please suggest whether it will be a security flaw in the future, before I install it in production.
I'm not sure what security issue you are worried about, but you explicitly allow this configuration with the --allow-zone-overlap install option.
Your domain DNS is managed externally and you've installed a DNS server to be authoritative for the same domain. If you want to expose your IPA DNS to the Internet you'll need to repoint the nameservers on your domain to your IPA host.
If what you're hoping to do is provide views, to limit what hosts are resolvable depending on where the request is coming from, that is not available in IPA. While IPA uses BIND under the hood, not all capabilities are exposed.
So whether this configuration is acceptable or not is up to you.
rob
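
The situation described in the reply above, as an added example that is not part of the original thread and not FreeIPA's own code: it parses the answer section of `dig +noall +answer NS <zone>` and reports whether the zone is delegated to the IPA host or only overlaps with an externally managed zone. The zone `example.test`, the host names, the sample output and the function names are constructed for illustration.

```python
# Added example: classify a DNS zone as delegated to the IPA server or
# overlapping with a zone that other name servers are authoritative for.
# All names and the sample dig output are constructed.

def parse_ns_answer(answer_text, zone):
    """Return the NS targets for `zone` found in `dig +noall +answer NS` output."""
    zone = zone.rstrip(".").lower()
    targets = set()
    for line in answer_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) != 5:                     # owner TTL class type rdata
            continue
        owner, _ttl, rclass, rtype, rdata = fields
        if rclass.upper() != "IN" or rtype.upper() != "NS":
            continue
        if owner.rstrip(".").lower() != zone:    # ignore records for other zones
            continue
        targets.add(rdata.rstrip(".").lower())
    return targets


def delegation_status(answer_text, zone, ipa_host):
    """'absent': no NS records, so nothing to overlap with.
    'delegated': the IPA host is among the zone's name servers.
    'overlap': other servers hold the zone and the IPA host is not one of them."""
    ns = parse_ns_answer(answer_text, zone)
    if not ns:
        return "absent"
    if ipa_host.rstrip(".").lower() in ns:
        return "delegated"
    return "overlap"


# Constructed sample: zone hosted at an external provider.
EXTERNAL = """\
example.test.      3600  IN  NS  ns1.provider.example.
example.test.      3600  IN  NS  ns2.provider.example.
"""

# Constructed sample: registrar repointed to the IPA host.
REPOINTED = """\
; answer after the registrar change
Example.Test.      3600  IN  NS  IPA1.example.test.
other.test.        3600  IN  NS  ns1.provider.example.
"""

if __name__ == "__main__":
    for label, text in (("external", EXTERNAL), ("repointed", REPOINTED)):
        print(label, delegation_status(text, "example.test", "ipa1.example.test"))
```

An `overlap` result corresponds to the case in the thread: clients that use the IPA server as their resolver get IPA's copy of the zone, while everyone else gets the externally managed one.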