Question About Internal Recursive Resolvers
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Oct 14 17:16:42 UTC 2022
On 14.10.22 12:08, Bob McDonald wrote:
>I'm thinking about redesigning an internal DNS environment. To begin
>with, all internal DNS zones would reside on non-recursive servers
>only.
why?
> That said, all clients would connect to recursive resolvers.
don't they now?
>The question is this; do I use an internal root with pointers to the
>internal zones (as well as the outside DNS world) or do I include stub
>zones to point at the non-recursive internal servers?
stub zones, forward zones (forward with recursion bit set) or static-stub
zones (send iterative queries to configured servers)
>Access to the internal DNS zones would be controlled by location.
if you have recursive servers in the internal network, you don't need to
control access on auth-only servers.
>(e.g. guest WiFi devices would NOT have access to internal DNS
>zones...)
>
>Recursive resolvers would allow implementation of features such as RPZ, etc.
do you need RPZ for internal zones?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
LSD will make your ECS screen display 16.7 million colors
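
The design discussed in this message, sketched as a BIND `named.conf` for the recursive resolver. This is an added example, not configuration from either poster: it shows the three zone types named in the reply side by side, with views keeping the internal zones away from guest clients. All addresses, ACL names and zone names are constructed placeholders, and the `validate-except` line assumes the internal names are not delegated from the public signed tree.

```conf
// Constructed sample: addresses, ACL names and zone names are placeholders.
acl "guest-wifi" { 192.168.200.0/24; };
acl "corp-nets"  { 10.0.0.0/8; };

options {
    directory "/var/named";
    recursion yes;
    allow-query     { guest-wifi; corp-nets; };
    allow-recursion { guest-wifi; corp-nets; };
    // Assumption: corp.example is not delegated from the public signed
    // tree, so it is exempted from DNSSEC validation on this resolver.
    validate-except { "corp.example"; };
};

// Views are tried in order; the first matching match-clients wins.
view "guest" {
    match-clients { guest-wifi; };
    // No internal zones are defined in this view, so guest clients
    // only ever get answers from public resolution.
};

view "corp" {
    match-clients { corp-nets; };

    // static-stub: iterative queries go straight to the configured
    // authoritative-only servers.
    zone "corp.example" {
        type static-stub;
        server-addresses { 10.0.0.53; 10.0.1.53; };
    };

    // stub: the resolver fetches the zone's NS records from the listed
    // servers and then queries those name servers.
    // ("primaries" is spelled "masters" in older BIND releases.)
    zone "lab.corp.example" {
        type stub;
        primaries { 10.0.0.53; };
    };

    // forward: queries are sent with the recursion bit set, so the
    // target must be willing to answer such queries for this zone.
    zone "legacy.corp.example" {
        type forward;
        forward only;
        forwarders { 10.0.2.53; };
    };
};
```

Run `named-checkconf` on the file before loading it; once any view is defined, every zone statement has to live inside a view.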