On Wed, Aug 05, 2020 at 07:34:25AM +0200, Florian Obser wrote:
> You could unbreak this in DNS by setting up insecure delegations
> (publishing NS records without DS records) for your internal zones.
> Doesn't mean that the authoritatives need to be reachable from the outside.
> That would unbreak it for all your machines.
>
> It doesn't look like you are running real split horizon DNS, you are
> just being "lazy".

Putting a 192.168/16 address in an Internet A is sorta shitty because anyone
can make use of that in their own 192.168/16. FQDN and all. So I'd like to
avoid this.

Yes.

> >
> > unwind is being overly picky about this it seems. Is there a way to tell
> > it to not try to validate these internal zones?
>
> The other way is:
>
>     force [accept bogus] type {name ...}
>             Force resolving of name and its subdomains by the given resolver
>             type. If accept bogus is specified validation is not enforced.

Thanks! That worked for me!

Best Regards,
-peter
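
An added example, not part of the original messages: a small audit of a public parent zone that separates insecure delegations (NS without DS, the first option discussed above) from signed ones, and lists A records that publish RFC 1918 addresses, the practice the reply wants to avoid. The zone contents, the names `parse_zone` and `audit`, and the DS digest are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a public parent zone (illustrative, not from the thread).
ZONE = """\
example.com.           3600 IN NS ns1.example.com.
ns1.example.com.       3600 IN A  203.0.113.53
internal.example.com.  3600 IN NS ns.corp.example.net.
signed.example.com.    3600 IN NS ns.corp.example.net.
signed.example.com.    3600 IN DS 12345 13 2 00112233
nas.example.com.       3600 IN A  192.168.1.10
www.example.com.       3600 IN A  203.0.113.7
"""

# Explicit RFC 1918 ranges; ipaddress.is_private also covers documentation nets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Yield (owner, rtype, rdata) from 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        yield owner.lower(), rtype.upper(), rdata


def audit(text, apex):
    """Classify delegations below apex and list A records in RFC 1918 space."""
    types = defaultdict(set)
    private_a = []
    for owner, rtype, rdata in parse_zone(text):
        types[owner].add(rtype)
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            private_a.append((owner, rdata))
    # A zone cut is any owner with NS records other than the apex itself.
    cuts = sorted(o for o, t in types.items() if "NS" in t and o != apex.lower())
    return {
        "insecure": [o for o in cuts if "DS" not in types[o]],
        "secure": [o for o in cuts if "DS" in types[o]],
        "private_a": private_a,
    }


if __name__ == "__main__":
    for key, value in audit(ZONE, "example.com.").items():
        print(key, value)
```

A validating resolver treats names under an entry in `insecure` as unsigned rather than bogus, so no per-client `force accept bogus` exception is needed for them.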