Hi

You could host split-view DNS so as to only give responses to queries from certain (your) IP addresses, thus hiding your private DNS information from general public queries.

Similarly yet more succinctly, you could use a subdomain and delegate the DNS for that to a private IP in your network, again using a split view so that the delegation is only resolvable from certain (your) IPs. This way your private DNS records are fully internal (your DNS server) under a subdomain.

I've not yet done this myself but have considered this kind of setup (subdomain delegation) for some future company DNS implementation.

Regards
Angus
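
The split-view subdomain delegation described in the reply above, as an added example that is not part of the original e-mail and not FreeIPA's own configuration: a BIND 9 `named.conf` fragment for the public-facing authoritative server. The zone `example.com`, the subdomain `ipa.example.com`, the ACL range, the internal server address and the file paths are all constructed placeholders.

```conf
// named.conf fragment (BIND 9) for the authoritative server of example.com.
// Every name, address and path here is a constructed placeholder.

acl "trusted" {
    203.0.113.0/28;   // your own egress addresses (documentation range)
    localhost;
};

options {
    recursion no;              // authoritative only, never resolve for strangers
    allow-transfer { none; };  // a zone transfer would expose the internal view
};

// Views are evaluated in order and the first match wins,
// so the restricted view must come before the catch-all one.
view "internal" {
    match-clients { "trusted"; };
    zone "example.com" {
        type master;
        file "zones/internal/example.com.zone";  // carries the delegation below
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "zones/external/example.com.zone";  // public records only
    };
};

// Records that exist ONLY in zones/internal/example.com.zone:
//   ipa.example.com.      IN NS  ns1.ipa.example.com.
//   ns1.ipa.example.com.  IN A   10.0.0.10   ; glue for the private DNS server
```

To check the split, query the NS record for the subdomain against this server from an address inside the ACL and from one outside it: only the first should receive the delegation.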


From: Dave Mintz via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: Sunday, 26 December 2021, 8:16 pm
To: freeipa-users@lists.fedorahosted.org
Cc: Dave Mintz
Subject: [Freeipa-users] DNS and FreeIPA

Hello,
I have been trying to set up FreeIPA on an internal CentOS 8 server. I was successful in getting it running, I set up DNS for internal queries. It worked. However, when I tried to set up SSL certs I ran into an issue.

My question is this: 
I own a legitimate domain.
It is not “hosted”.
I have no intention of exposing any of my internal servers to the Internet.
How do I go about configuring the DNS at my registrar so that when I configure my internal servers, including FreeIPA, DNS, SSL, email, etc., any requests that go out to the Internet will resolve correctly?

Any help or pointers to documentation would be greatly appreciated.

Dave