host your subdomain on your own ?
lejeczek
peljasz at yahoo.co.uk
Sat Nov 13 10:18:53 UTC 2021
On 13/11/2021 07:16, Erich Eckner wrote:
> On Sat, 13 Nov 2021, Reindl Harald wrote:
>
> > Am 12.11.21 um 18:55 schrieb lejeczek via bind-users:
> >> On 12/11/2021 17:14, Reindl Harald wrote:
> >>> wouldn't it be easier to setup two different
> subdomains in which case you don't need delegation at all
> - your local named would hist the internal subdomain and
> doing recursion for everything else
> >>>
> >>> i mean when it's private and not www why does the
> world need to know about the subdomain?
> >>>
> >> Because I might not be able to control nor have input
> into local-private bind(s) and thus...
> >> clients/nodes on private networks would query
> www/public bind and only then would learn of
> 'priv.zone.top' and then, via that delegation to my own
> binds, 'priv.zone.top' would be served to local-private
> networks.
> >> - here is where 'views' come to mind, on my binds...
>
> > don't get me wrong but when you a) control a local bind
> where b) a public resolver delegates a subzone you should
> also be able to control that clients in this network use
> your named via dhcp
>
> The problem arises, as soon as you have some clients
> *outside* of this local net (inside some other local net),
> which should also resolve the internal ips - this is, what
> I have, and why I use a public zone for my private
> addresses: Most hosts are within my lan behind my own dns
> server, but some are "outside", but reachable via vpn -
> but I do not want to route all dns traffic for those
> through vpn, neither do I want to deploy dns servers for
> each of those machines.
>
@Erich
So that's allowed (& will work?) by bind protocols? On my
own bind facing www & serving my subdomain (delegated from
public registrar) I resolve to & serve private IPs?
That's the easiest way out I was hoping for, in my tricky
situation (being a part of large org it's often bureaucracy
which defeats everybody)
I too employ vpn and for similar reasons I'd prefer my
www-facing bind to resolve my private IPs for... who should
give a toss but me only?
To me it's very basic logic - if a user cannot get to a site
- URLs of which only informed regular users should know in
the first place - that is my business, right? (and precisely
what I want)
many thanks, L
More information about the bind-users
mailing list