On Thu, 2025-03-13 at 16:23 +0100, Ronald Wimmer via FreeIPA-users
wrote:
> The growing number of PCs, Notebooks, VMs, Raspberries and so on
> makes
> me want an IPA installation at home too. Anyone using IPA @home?
Yep. I've run a FreeIPA here @home on EL{6,7,8}, (and EL9 as soon as I
can ELevate (https://almalinux.org/elevate/) my current EL8
"everything" server). Being an only @home server I typically only run
with a single "master" instance, no replicas.
Do note however that ELevate is unable to upgrade FreeIPA in-place like
it does with the rest of the O/S so if, like me, you typically only
have the single instance, you will temporarily have to stand up a
replica while the O/S upgrade happens and then migrate the replica back
to the master after the upgrade, all per usual and supported FreeIPA
upgrading processes.
> If yes, how do you run it? (dedicated machine, VM, Container?)
I have a dedicated "everything" (FreeIPA, e-mail, NFS, HTTP server,
etc.) server that I run it on.
> What
> about DNS?
DNS of course is a component of FreeIPA. I have mine configured to be
a recursive resolver for my LAN in addition to it being authoritative
for the LAN zone(s) and accepting DDNS updates from the DHCP server.
> I do not quite like that IPA wont let me use a single label domain
> like
> "lan" but I guess I will get used to it.
Heh. I didn't know about that limitation but I suppose that's because
I have a registered domain that I just use universally inside and
outside of my LAN (using split-horizon DNS) so that all services work
transparently regardless of whether I am on the LAN or out on the
Internet/on-VPN.
Not really related to FreeIPA, but the one weak point in my setup is
the lack of cohesion between IPv4 and IPv6 in the DNS. IPv4 hosts get
their address from DHCP and accordingly get names in the DNS. No such
thing exists for IPv6. Yes, there is DHCPv6 which could achieve the
goal but Android doesn't support DHCPv6 so those devices fail to play
into the scheme. Android does have a DHCPv6-information extension RFC
in the process of being accepted (IIRC) that will solve this IPv6-
SLAAC-DNS problem but I expect it be some time before it's actually all
usable.
Cheers,
b.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
