What is the proper way to delegate to a private / hidden sub-domain?
Grant Taylor
gtaylor at tnetconsulting.net
Wed May 6 20:37:59 UTC 2020
On 5/6/20 2:29 PM, Grant Taylor wrote:
> That's one of the hard requirements of what I'm doing. Not doing that
> is not an option.
To elaborate, the internal clients are in a sequestered network which
will never have outside access to it. As such, the outside world can
never query something from a system in it.

Further, the external publicly accessible DNS servers exist elsewhere
on the Internet to provide just enough zone content to make delegation
happy.

Perhaps the external publicly accessible parent example.net can
(blindly) delegate zones to internal private DNS servers. However I
dislike this because I believe it leaves things in an unclean state for
people on the Internet at large. At the very least it means no route to
host errors at best or at worst timeouts.

Conversely, what I'm working on will immediately and successfully return
a response of NXDOMAIN. Something that I think is cleaner for the
Internet at large.
--
Grant. . . .
unix || die