writeable secondary zone?

Carl Byington carl at byington.org
Wed Jan 4 01:22:56 UTC 2017


On Tue, 2017-01-03 at 16:35 -0800, Nex6 wrote:
> I have a very specific issue, where a partner org wants me to add an
> SRV record for their org. (I don't want to)

If I understand the question, we have

nex6.example.com -- under your dns control

partner.example.com -- dns under the control of your partner, and they
want *you* to see something like:

_http._tcp.partner.example.com.  SRV  0 5 80  www.example.com.

but they don't want to add that record in their own partner.example.com
zone where it would be visible to the world.

You could use RPZ on your recursive resolvers for that, to add that SRV
record into their zone (assuming that they are not DNSSEC signing their
zones). Of course, that record would then be visible to all of your
users, not just the ones using that application. But does the existence
of that extra SRV record hurt any of those users?


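
Added example, not part of the original message: a minimal BIND RPZ policy zone that serves the SRV record from the reply as local data on the recursive resolvers. The policy zone name rpz.nex6.example.com, the file name, the SOA values and the TTL are assumptions chosen for illustration.

```dns
; named.conf on each recursive resolver (shown here as comments; assumed names):
;
;   options {
;       response-policy { zone "rpz.nex6.example.com"; };
;   };
;   zone "rpz.nex6.example.com" {
;       type master;
;       file "rpz.nex6.example.com.db";
;       allow-query { none; };    // clients see rewritten answers, not the policy zone
;   };
;
; Policy zone file rpz.nex6.example.com.db follows.

$TTL 300
@   IN SOA  localhost. hostmaster.nex6.example.com. (
            2017010401  ; serial
            3600        ; refresh
            600         ; retry
            86400       ; expire
            300 )       ; negative TTL
    IN NS   localhost.

; QNAME trigger: the owner is the queried name written relative to the
; policy zone origin (no trailing dot). Ordinary RDATA is returned to the
; client as local data in place of the upstream answer.
_http._tcp.partner.example.com  IN SRV  0 5 80 www.example.com.

; Caveats:
; - Local data replaces the whole answer for this owner name: a query for
;   any other type at _http._tcp.partner.example.com gets NODATA from the
;   policy, whatever the partner publishes there.
; - If the partner signs the zone, BIND by default leaves the answer alone
;   for clients that request DNSSEC (DO=1) unless "break-dnssec yes" is set
;   in response-policy, and validating clients would reject the rewrite.
```

To check the result, query a resolver that loads the policy for the SRV record and compare it with the answer from a resolver that does not.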



