On 5/6/20 2:29 PM, Grant Taylor wrote:
That's one of the hard requirements of what I'm doing.  Not doing that is not an option.

To elaborate, the internal clients are in a sequestered network which will never have outside access to it. As such, the outside world can never query something from a system in it.

Further, the external publicly accessible DNS servers exist elsewhere on the Internet to provide just enough zone content to make delegation happy.

Perhaps the external publicly accessible parent example.net can (blindly) delegate zones to internal private DNS servers. However, I dislike this because I believe it leaves things in an unclean state for people on the Internet at large. At the very least it means no route to host errors at best or at worst timeouts.

Conversely, what I'm working on will immediately and successfully return a response of NXDOMAIN. Something that I think is cleaner for the Internet at large.



--
Grant. . . .
unix || die


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
