marka> DNS servers that are expected to be reached across sites need to marka> be globally unique addresses which ULA and LL are not.
The IP address clients use to reach the resolver doesn't have to be the same one that the resolver uses as source address when it queries. And it's not uncommon to have an externally exposed recursive resolver on the public side of a corporate firewall with queries from an internal resolver being forwarded. Using ULA/LL for the clients doesn't mean it can't be a used as a functional resolver via said forwarding/alternate address. Not saying I think using LL/ULA is a more secure architecture but it can be functional and should work on the local broadcast domain/LAN. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
