On 18.10.22 09:23, Bob McDonald wrote:
There are no outside clients. In this example, I'm only discussing inside
clients on inside DNS. The recursive resolvers that ALL inside clients
connect to will seek responses from the DNS root servers AFTER determining
that the response can not be determined from the internal DNS zones. There
is no access provided to outside (internet centric) clients to inside DNS.
The determination of known/unknown clients is via a NAC layer and further,
the classification of unknown gets automatically assigned to those clients
combining in through GUEST WiFi (e.g. cell phones, ipads, etc.). Most
organizations with a NAC layer in place have procedures to allow unknown
clients temporary access at some level (e.g. vendors, etc.).
this way the situation is even easier.
you can use two distinct serves for internal and wi-fi clients, where only
internal server will contain internal zones.
you can achieve the same effect with views, no other DNS servers are
necessary
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
