Hello Angus,
Besides what Peter has written, let's get this warning from FreeIPA site [1]:
> **Avoid name collisions**
> We strongly recommend that you do not use a domain name that is not
> delegated to you, even on a private network. For example, you should
> not use domain name company.int if you don't have valid delegation for
> it in public DNS tree.
As you can see, it is similar to what was on the Red Hat documentation you
mentioned before.
This first part of the warning says that you should not configure your domain
name with some "random" name if you don't own the domain. For example,
you should not use "cisco.com", "google.com" or "redhat.com", even if your
network is a private one. Note that, if it is a private network, you "could" do it,
but you shouldn't do it.
Why? The answer is on the warning itself:
> If this rule is not respected, the domain name will be resolved differently
> depending on the network configuration. As a result, network resources
> will become unavailable.
> Using domain names that are not delegated to
> you also makes DNSSEC more difficult to deploy and maintain. For
> further information about this issue please see the ICANN FAQ on
> domain name collisions.
Imagine you try to access Google search and your private network uses
'google.com' as the domain. You would probably be redirected to an internal
server, instead of Google's search engine. (I'll not even get into DNSSEC
issues.)
So, you find everywhere about "a domain that is delegated to you", well,
Even as your domain has a nameserver which is probably not under your
control (and controlled by whom you registered your domain), you have
control over your domain, and as such, you can create subdomains on
your private network that will not collide with any other domain (say,
If you manage this domain from your internal FreeIPA servers, there
will be no name collision.
I have a (few) registered domain(s), which I use both as a public
facing server (static, github pages), and within my private network,
which no one from outside can see, I have a subdomain (ipa) which
I use for managing my users and hosts.
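
The rule discussed in this message (put the FreeIPA domain inside a zone that is delegated to you) can be checked before installation. The following is an added example, not part of the original message or of FreeIPA; `example.org` and the function names are assumptions standing in for a domain you have registered.

```python
"""Pre-install check: is a proposed FreeIPA DNS domain inside a zone delegated to you?"""


def normalize(name):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    labels = name.strip().rstrip(".").lower().split(".")
    if not all(labels):
        raise ValueError(f"empty label in {name!r}")
    return labels


def enclosing_zone(candidate, delegated_zones):
    """Return the closest delegated zone that contains `candidate`, or None."""
    owned = {".".join(normalize(z)) for z in delegated_zones}
    labels = normalize(candidate)
    # Walk from the full name towards the TLD, comparing whole labels only,
    # so "notexample.org" is never treated as part of "example.org".
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in owned:
            return parent
    return None


def check(candidate, delegated_zones):
    zone = enclosing_zone(candidate, delegated_zones)
    if zone is None:
        return f"{candidate}: COLLISION RISK, not under any zone delegated to you"
    return f"{candidate}: ok, inside delegated zone {zone}"


if __name__ == "__main__":
    # Constructed sample data: example.org stands in for a domain you registered.
    mine = ["example.org."]
    for name in ["ipa.example.org", "IPA.Example.ORG.", "company.int",
                 "google.com", "notexample.org"]:
        print(check(name, mine))
```

The check only compares names against the list you supply; whether a zone is really delegated to you still has to be confirmed with your registrar or the parent zone's NS records.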