Access external hosts with internal split DNS resolver
Grant Taylor
gtaylor at tnetconsulting.net
Sun Aug 9 23:43:48 UTC 2015
On 8/9/15 12:38 AM, Heiko Richter wrote:
> Using the same domain with two separate contents is just bad practice.
> And when you decide to use DNSSec sometime in the future it will leave
> your home network inoperable, because the trust delegations won't work
> anymore.
Since the OP is the RP for the mydomain.co.nz zone, wouldn't s/he have
access to the ZSK / KSK used externally and thus re-use them
internally? I would think that this could be made to work as far as
DNSSEC is concerned. (I'm FAR from a DNSSEC expert.)
Even if BIND is managing the zone signing for the OP and the internal
and external "views" got out of sync with each other, I would think that
they would still both validate because they would share the same ZSK (?)
in the parent zone (read: registrar). Is this not the case?
Consider this me, an ignorant ... asking for an academic discussion
about this (mis)use of "views". (Yes, I know that I'm abusing the term
"view". Though arguably proper views could be used to accomplish the
same thing.)
--
Grant. . . .
unix || die