How should I configure internal and external DNS servers
Michael Richardson
mcr at sandelman.ca
Sun Nov 5 10:30:27 UTC 2023
Greg Choules via bind-users <bind-users at lists.isc.org> wrote:
> What would be better (IMHO) is for you to keep "example.com" as your
> external zone in an external (hopefully in a DMZ) primary server,
> serving the world with public addresses they need to reach, and
> internally create a new zone - "internal.example.com" (maybe also other
> "somethingX.example.com" too) as your internal zone in an internal
> primary server for serving internal clients with the addresses they
> need.
Would anyone be interested in formulating this into an IETF BCP RFC?
Or maybe a RIPE BCOP.
Your write up is excellent. Worth keeping it somewhere.
> The reason for the delegation is DNSSEC. If you enable DNSSEC
Yes.
> That was a bit of an essay, but I hope at least some of it made sense.
:-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231105/28d29b0c/attachment.sig>
More information about the bind-users
mailing list