host your subdomain on your own ?

lejeczek peljasz at yahoo.co.uk
Sat Nov 13 10:18:53 UTC 2021



On 13/11/2021 07:16, Erich Eckner wrote:
> On Sat, 13 Nov 2021, Reindl Harald wrote:
>
> > On 12.11.21 at 18:55, lejeczek via bind-users wrote:
> >> On 12/11/2021 17:14, Reindl Harald wrote:
> >>> wouldn't it be easier to set up two different subdomains in which
> >>> case you don't need delegation at all - your local named would host
> >>> the internal subdomain and do recursion for everything else
> >>>
> >>> i mean when it's private and not www why does the world need to
> >>> know about the subdomain?
> >>>
> >> Because I might not be able to control nor have input into
> >> local-private bind(s) and thus...
> >> clients/nodes on private networks would query www/public bind and
> >> only then would learn of 'priv.zone.top' and then, via that
> >> delegation to my own binds, 'priv.zone.top' would be served to
> >> local-private networks.
> >> - here is where 'views' come to mind, on my binds...
>
> > don't get me wrong but when you a) control a local bind where b) a
> > public resolver delegates a subzone you should also be able to
> > control that clients in this network use your named via dhcp
>
> The problem arises, as soon as you have some clients *outside* of
> this local net (inside some other local net), which should also
> resolve the internal ips - this is, what I have, and why I use a
> public zone for my private addresses: Most hosts are within my lan
> behind my own dns server, but some are "outside", but reachable via
> vpn - but I do not want to route all dns traffic for those through
> vpn, neither do I want to deploy dns servers for each of those
> machines.
>
@Erich
So that's allowed (& will work?) by bind protocols? On my 
own bind facing www & serving my subdomain (delegated from 
public registrar) I resolve to & serve private IPs?
That's the easiest way out I was hoping for, in my tricky 
situation (being a part of a large org, it's often bureaucracy 
which defeats everybody).
I too employ vpn and for similar reasons I'd prefer my 
www-facing bind to resolve my private IPs for... who should 
give a toss but me only?
To me it's very basic logic - if a user cannot get to a site 
- URLs of which only informed regular users should know in 
the first place - that is my business, right? (and precisely 
what I want)

many thanks, L
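
Added example, not part of the original message: a small audit script that lists which A/AAAA records in a publicly served zone point into RFC 1918 or IPv6 ULA space, so the operator can see exactly what internal addressing such a zone discloses. The zone content, host names and the function name `internal_records` are assumptions made up for illustration; only `priv.zone.top` comes from the thread.

```python
import ipaddress

# RFC 1918 and IPv6 ULA ranges. ipaddress.is_private is not used because it
# also flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample zone for the thread's example name; hosts and addresses
# are made up for illustration.
SAMPLE_ZONE = """\
$ORIGIN priv.zone.top.
$TTL 3600
@       IN SOA ns1 hostmaster 2021111301 3600 900 604800 300
@       IN NS  ns1
ns1     IN A    203.0.113.10
nas     IN A    192.168.10.5    ; file server on the LAN
build   300 IN A 10.20.0.7
wiki    IN AAAA fd12:3456:789a::20
www     IN A    198.51.100.25
"""

def internal_records(zone_text):
    # Returns (fqdn, type, address) tuples. Handles one record per line with
    # optional TTL/class; multi-line parenthesised records are not supported.
    origin, owner, found = "", "", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        if fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                  # leading blank = same owner
            owner, fields = fields[0], fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                         # skip TTL and class
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(fields[1])
        if any(addr in net for net in INTERNAL_NETS):
            name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            found.append((name, fields[0].upper(), str(addr)))
    return found

if __name__ == "__main__":
    for rec in internal_records(SAMPLE_ZONE):
        print(*rec)
```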



