Hi Alexander,
I am going to submit an RFE via Red Hat support case, to support multihomed IPA server
setup. I list two proposals in the RFE:
(1) Support Split DNS (views) which, I believe, is already supported by the underlying
BIND. This would allow us to define one view for IPA servers and another view for all the
rest. The IPA servers view would resolve IPA servers to their external IPs, so that they
can communicate to each other. And the other view would resolve the same IPA servers to
their internal IPs, for the local clients. I think this would be a simple solution for us,
that would avoid the need for all the tweaks described here. No need for host aliases
then.
(2) Support host aliases - based on all the discussion in this thread (DNS:SAN in all IPA
certs + proper support for aliases in HTTP Referer). Basically, make everything that we
discussed officially qualified and supported.
For us - any of the above solutions would do the job, I think.
I suppose, that's the right thing to ask for the long term.
In the shorter term - I was just wondering if it would be possible just to commit that
pending code change related to the HTTP Referers that you shared, considering that it is
anyway open for a while now? Because as you saw, all the rest can be solved by
configuration, and I am happy to automate it for our project. But of course, manually
changing the code in production is a "no go", due to supportability. Having this
small fix in place would greatly help us to continue, otherwise we have to consider
difficult design changes...
---
Regards,
Dmitry Perets