Hi,
I'd like to ask for your advice on the following topology... On a given site, the IPA server has two legs (two NICs), let's call them "inside NIC" and "outside NIC". The inside NIC subnet is local to the site. The outside NIC subnet is interconnecting sites.
All the local clients talk to IPA via the inside NIC. But to set up a replica on another site, we must reach IPA via the outside NIC (the inside subnet is not routable beyond the local site boundaries).
So the question arises: how to configure proper DNS resolution for the hostname of the IPA server itself? DNS is handled by IPA itself, fully in our control. So we have two options:
1. We create two A records for the same IPA hostname, let's say "ipa.site1.example.com". But then I'm not sure if it will work fine... Technically, two IPs for the same name means load-balancing, right? So will I have intermittent connectivity issues, because it will return inside and outside IP interchangeably?
2. We create a new DNS name, e.g. "ipa-outside-site1.example.com", for the outside IP, and manually add it to the @ entry of "example.com", so that wannabe-replica on the remote site can use that FQDN as its master IPA. Will this work fine..? Will it not cause issues to the local clients on site1, who must keep using IPA with inside IP? Will it not cause issues on IPA server itself for some reason?
Please share your experience on this! Thanks.
freeipa-users@lists.fedorahosted.org