On 14. 10. 22 18:08, Bob McDonald wrote:
> I'm thinking about redesigning an internal DNS environment. To begin
> with, all internal DNS zones would reside on non-recursive servers
> only. That said, all clients would connect to recursive resolvers.
> The question is this: do I use an internal root with pointers to the
> internal zones (as well as the outside DNS world) or do I include stub
> zones to point at the non-recursive internal servers?
> Access to the internal DNS zones would be controlled by location.
> (e.g. guest WiFi devices would NOT have access to internal DNS
> zones...)
> Recursive resolvers would allow implementation of features such as RPZ, etc.
I have a better proposition for you:
Use a properly delegated name like internal.example.com, where
example.com is a domain you own.
This way you don't need to mess with manual configuration for stub zones
or hints, or keep them updated.
ACLs can be applied on auths as needed to limit access to the "internal"
zone from outside, but there is no technical reason why it cannot be
delegated from the public tree - and it will save you lots of headache.
HTH.
--
Petr Špaček
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
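The layout Petr describes, written out as BIND 9 configuration. This is an added example, not configuration from either poster or from ISC: the addresses (10.0.0.0/8 and 192.168.0.0/16 as internal, 172.16.50.0/24 as guest Wi-Fi, 10.0.0.53 for the internal auth, 10.0.0.10 and 192.0.2.10 as resolver source addresses), zone names, file paths and RPZ zone names are all assumptions chosen for illustration. The public example.com zone only carries the delegation; the internal auth answers internal.example.com solely for internal networks; the resolver needs no stub zone or hints and simply follows the delegation.

```conf
// ---- Public example.com zone file (wherever the public auth lives) ----
// Only the delegation is shown; the NS name stays inside example.com so
// no out-of-zone glue is required. 10.0.0.53 is an assumed address.
;
; $ORIGIN example.com.
; internal        IN NS   ns-int1.example.com.
; ns-int1         IN A    10.0.0.53

// ---- named.conf on the internal, non-recursive auth (10.0.0.53) ----
acl internal-nets { 10.0.0.0/8; 192.168.0.0/16; };   // assumed internal ranges

options {
    directory "/var/cache/bind";
    recursion no;                 // authoritative only
    allow-transfer { none; };
};

// Delegated child zone: answered only for internal networks.
// Any other source (guest Wi-Fi, the Internet) gets REFUSED, which is
// all the ACL on the auth has to do for the delegation to be safe.
zone "internal.example.com" {
    type primary;
    file "/etc/bind/zones/db.internal.example.com";
    allow-query { internal-nets; };
};

// ---- named.conf on the recursive resolver clients point at ----
acl internal-nets { 10.0.0.0/8; 192.168.0.0/16; };
acl guest-wifi    { 172.16.50.0/24; };               // assumed guest range

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query     { internal-nets; guest-wifi; };
    allow-recursion { internal-nets; guest-wifi; };
};

// Internal clients: ordinary recursion. internal.example.com resolves by
// following the NS delegation from example.com; no stub zone, no hints.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;
    query-source address 10.0.0.10;     // inside internal-nets, so the auth ACL admits us
    response-policy { zone "rpz.corp"; };
    zone "rpz.corp" {
        type primary;
        file "/etc/bind/zones/db.rpz.corp";
        allow-query { none; };
    };
};

// Guest clients: the auth server sees the resolver's source address, not
// the client's, so this view must send queries from an address outside
// internal-nets, otherwise guests would reach the internal zone through
// the resolver. The RPZ below NXDOMAINs the internal names as well, as
// defense in depth (RPZ entry "CNAME ." means NXDOMAIN).
view "guest" {
    match-clients { guest-wifi; };
    recursion yes;
    query-source address 192.0.2.10;    // assumed; NOT in internal-nets
    response-policy { zone "rpz.guest"; };
    zone "rpz.guest" {
        type primary;
        file "/etc/bind/zones/db.rpz.guest";
        allow-query { none; };
    };
};

// ---- /etc/bind/zones/db.rpz.guest ----
; $TTL 60
; @                       IN SOA   localhost. root.localhost. ( 1 3600 600 86400 60 )
; @                       IN NS    localhost.
; internal.example.com    IN CNAME .
; *.internal.example.com  IN CNAME .
```

Two things to check once this is in place: `dig @10.0.0.53 host.internal.example.com` from a guest address must return status REFUSED, and the same query via the guest view of the resolver must return NXDOMAIN. Because BIND requires every zone to live inside a view once any view is declared, the resolver's RPZ zones sit inside their views rather than at top level.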