Question About Internal Recursive Resolvers

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Oct 19 09:07:39 UTC 2022


On 18.10.22 09:23, Bob McDonald wrote:
>There are no outside clients. In this example, I'm only discussing inside
>clients on inside DNS. The recursive resolvers that ALL inside clients
>connect to will seek responses from the DNS root servers AFTER determining
>that the response can not be determined from the internal DNS zones. There
>is no access provided to outside (internet centric) clients to inside DNS.
>The determination of known/unknown clients is via a NAC layer and further,
>the classification of unknown gets automatically assigned to those clients
>coming in through GUEST WiFi (e.g. cell phones, iPads, etc.). Most
>organizations with a NAC layer in place have procedures to allow unknown
>clients temporary access at some level (e.g. vendors, etc.).

this way the situation is even easier.

you can use two distinct servers for internal and wi-fi clients, where only
the internal server will contain internal zones.

you can achieve the same effect with views; no other DNS servers are
necessary.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
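
The views approach mentioned in the reply above, sketched as a named.conf fragment. This is an added example, not part of the original message; the ACL names, address ranges, zone name and file paths are constructed placeholders.

```conf
// Constructed example: all names, networks and paths are placeholders.
acl "guest-wifi" { 192.168.200.0/24; };   // unknown clients placed here by the NAC layer
acl "inside"     { 10.0.0.0/8; };         // known internal clients

options {
    directory "/var/named";
    // Only inside networks may query or recurse; nothing is offered
    // to clients coming from the internet.
    allow-query     { inside; guest-wifi; };
    allow-recursion { inside; guest-wifi; };
};

// Views are evaluated in order and the first view whose match-clients
// matches the source address wins, so the narrower guest view comes first.
view "guest" {
    match-clients { guest-wifi; };
    recursion yes;
    // No internal zones are defined here: guest clients only get answers
    // obtained by recursion from the root servers.
};

view "internal" {
    match-clients { inside; };
    recursion yes;

    // Internal zones exist only in this view. Once any view is defined,
    // every zone statement must live inside a view.
    zone "corp.example" {
        type primary;
        file "internal/corp.example.db";
    };
};
```

Running named-checkconf on the file catches a zone left outside a view, and querying an internal name from an address in each network confirms which view a client lands in.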


More information about the bind-users mailing list