In our current environment we have internal and external machines. With the different donations we've received it makes sense de-centralize the way we look at our infrastructure. Presently access to machines is either: fedora.phx.redhat.com or fedoraproject.org
fedora.phx.redhat.com or fedoraproject.org
People have to know what machines are where ahead of time to get to the hosts. I'll be setting up a vpn for all of our machines so that all machines can be accessed via hostname.vpn.fedoraproject.org once you're on the network (typically through bastion)
All front facing servers will be accessed via fedoraproject.org (this will ultimately include our test servers as well)
These are the steps as I see them:
Also we can use the search field in resolv.conf to simplify your hosts as well as give preference when talking about which server should talk to what. For example, the proxy servers in PHX could have a search like:
search fedora.phx.redhat.com vpn.fedoraproject.org fedoraproject.org
Then when searching for app4 or app3 they would hit phx directly, bypassing the vpn. but when searching for app5, they would hit the vpn.
I'd like to move to using the search field in /etc/resolv.conf This will generally make it easier for us to do things.
DNS should be all set now.
Login to comment on this ticket.