Resolve some hosts that are DNSSEC-signed differently

Matthias Fechner idefix at fechner.net
Sun Feb 5 06:20:58 UTC 2023


Dear all,

I have a question regarding a setup I use at home.
It is for domain idefix.fechner.net.

I have a small server at home running some services. As I do 
not have a public IP, I tunnel traffic using pf on FreeBSD and OpenVPN 
to route a public IP to my server at home.
This works nicely, but if I now access idefix.fechner.net it will always go 
out to the internet and then back through the tunnel to my local 
server, which is a real performance problem, as the internet connection 
here is really slow.

The complete domain is DNSSEC-signed using the following configuration:
zone "fechner.net" {
         type master;
         file "../master/fechner.net/fechner.net";
         dnssec-policy "one-year-zsk";
         inline-signing yes;
};

Now I want to make sure that if I access idefix.fechner.net it does not 
use the tunnel but accesses it directly using the local address.

So the idea was to configure my named running at home to resolve some 
host names differently.

What is the recommended best practice for doing this?

Just add a new zone fechner.net and override some A records? I 
think that will break DNSSEC, won't it?

Thanks for any pointer into the right direction.

Gruß
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
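One way to set up what the post describes, as an added example that is not from the original post or from any reply to it: split-horizon views in BIND 9, where LAN clients get a separate, unsigned copy of fechner.net that carries the private address of idefix, and everyone else gets the signed public zone exactly as configured above. The LAN prefix 192.168.1.0/24, the private address 192.168.1.10, the name server name ns1 and the internal zone file name are assumptions.

```conf
// Added example, not from the original post. Assumptions: the LAN is
// 192.168.1.0/24, idefix's local address is 192.168.1.10, and this named is
// also the recursive resolver that LAN clients use.

acl "lan" { 192.168.1.0/24; 127.0.0.1; ::1; };

// Views are matched in order, so the LAN view must come first.
view "internal" {
    match-clients { lan; };
    recursion yes;

    // Separate, unsigned copy of the zone with the private address for
    // idefix. Nothing here touches the signed public zone or its keys.
    zone "fechner.net" {
        type master;
        file "../master/fechner.net/fechner.net.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;    // never recurse for the internet side of the tunnel

    // Public, DNSSEC-signed zone, unchanged from the original configuration.
    zone "fechner.net" {
        type master;
        file "../master/fechner.net/fechner.net";
        dnssec-policy "one-year-zsk";
        inline-signing yes;
    };
};

// Illustrative content of ../master/fechner.net/fechner.net.internal
// (hypothetical; zone files use ';' for comments, shown here commented out).
// Only the records that must differ need a LAN value; the rest can be copied
// from the public zone file, and the serial must be bumped on every change.
//
// $TTL 300
// @       IN SOA ns1.fechner.net. hostmaster.fechner.net. ( 2023020501 3600 900 604800 300 )
//         IN NS  ns1.fechner.net.
// ns1     IN A   192.168.1.10
// idefix  IN A   192.168.1.10
```

Check it with `dig @127.0.0.1 idefix.fechner.net A +dnssec` from the LAN and from an outside host: the internal answer is the private address and carries no RRSIG, the external one is the public address with signatures. The caveat: the parent publishes a DS for fechner.net (it has to, for the public zone to validate), so a LAN client that validates DNSSEC itself, such as a local unbound or systemd-resolved with DNSSEC enabled, will reject the unsigned internal answer. An RPZ-based rewrite has the same limitation: BIND by default does not even apply RPZ rules to queries that set the DO bit unless `break-dnssec yes` is configured. The split therefore only works when LAN clients rely on the home named to validate on their behalf.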



More information about the bind-users mailing list