Ask Your Question

FreeIPA - domain name choice?

asked 2016-04-12 06:34:31 -0500

daveg gravatar image

Which domain name and realm should I use for FreeIPA?

I have a server for my home network running Fedora 22 and have been PLAYING with FreeIPA in a Fedora 23 VM.

Now I'd like to actually use it for single-sign-on and automount home directories etc.

My home network currently uses a fake domain name with named/dhcpd. I also have a domain name that I only use for email but I can manage some DNS records. It's in the domain which is not currently signed. DNSSEC is on the horizon but named can handle that locally. Happy to manage my own PKI and DNS trust roots. My Internet connection is ADSL2+ with DHCP, dynamic address. I have no requirement at the moment for external access. If I need external access I'll probably use noip (unrelated domain name) and IPSec. All local clients use my DNS server.

I think my options are:

  • Directly use my registerd domain name (internal DNS only).
  • Create and use a subdomain of my registered domain name.
  • Use another (or the same) fake domain.

Any advice appreciated!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2016-04-12 14:56:29 -0500

sideburns gravatar image

Welcome to ask.fedora. If you don't need external access to your computer, it doesn't really matter what you name it as long as it doesn't conflict with anything. (This is just so that your computer doesn't get confused if/when you try to access that other box.) My suggestion is to give it a name on the domain you have registered, just to be safe, such as (If you're expecting to have more than one computer at home, it helps to have a naming scheme to keep the various names consistent. As an example, I name my computers after places you can't visit, such as planets from SF stories or cities in fantasies that I've enjoyed.) You can use someplace like to be the authoritative DNS servers instead of your hosting company so that you can have a record for your home computer that always points to your current dynamic IP address. (This service is free, btw.) Then, you can allow incoming ssh connections to be sent only to that one box, allowing you to use ssh for remote access, or ssh2 to give you ftp access when you're not home. You may not think that you'll ever need this, but it can come in very handy if you're ever on a business trip and find out that you forgot to bring an important file with you.

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2016-04-12 06:34:31 -0500

Seen: 311 times

Last updated: Apr 12 '16