Hello Jason, On 12 Dec 2014, at 19:07 , Jason Frisvold <[email protected]> wrote:
> Peter van Dijk wrote: >> Hello Jason, >> >> If your clients are end hosts (i.e. machines with the equivalent of >> resolv.conf), they should always be talking to a recursor. If your ‘view’ >> needs are simple (just a few overridden IPs here and there), using pre- or >> postresolve in the PowerDNS Recursor would suit your needs fine. > > I was hoping to make it easy and have the scripting on the authoritative > server. Internal machines use the internal recursors as normal, and the > auth server replies with the appropriate data. External clients hitting > the auth servers would only get the external view. > > The data is distinct, there aren't any overlaps.. It's really just a > security by obscurity layer. In addition to all of the "real" security > layers as well... In that case it’s easiest to have a second auth server for internal data, and make sure your recursor talks to that one. You can use forward-zones in the recursor to make that happen. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
