Alexander, I appreciate your reply :)
I run my home's FreeIPA deployment at 'example.net' and
rely on firewalls
and external DNS server to provide a safer outer view to it. There is
nothing wrong with this approach -- as well as with 'ipa.example.net'
approach either.
Let us assume I have no other DNS servers at all for 'example.net'. If I put the
FreeIPA root at 'ipa.example.net', is it possible to add the "parent"
'example.net' as an authoritative domain in FreeIPA's DNS server? Or can it
only manage and serve DNS for its own subdomain and others below it? I'm sorry if this
is a basic / stupid question, I haven't had to deal with BIND in over a decade, and I
don't know how much the FreeIPA integration changes what can be done (I'm 99% sure
that BIND on its own can do this).
Thank you,
Braden M.