Pradeep KNS via FreeIPA-users wrote:
Hello Team,
While setting up FreeIPA in my Linux infrastructure, I noticed a strange
warning. I would like to clarify before rolling into production.
DNS zone alpha-grep.com. already exists in DNS and is handled by
server(s): ['ns2.', 'ns1.'] Please make sure that the domain is properly
delegated to this IPA server.
I have updated the detailed installation log in this link. Please advise me
whether it will be any security flaw in the future, before installing it in
production.
https://bpa.st/AMITK

I'm not sure what security issue you are worried about but you
explicitly allow this configuration with the --allow-zone-overlap
install option.
Your domain DNS is managed externally and you've installed a DNS server
to be authoritative for the same domain. If you want to expose your IPA
DNS to the Internet you'll need to repoint the nameservers on your
domain to your IPA host.
If what you're hoping to do is provide views, to limit what hosts are
resolvable depending on where the request is coming from, that is not
available in IPA. While IPA uses BIND under the hood, not all
capabilities are exposed.
So whether this configuration is acceptable or not is up to you.
rob