Nikolaos Milas wrote: > On 3/3/2015 2:44 μμ, Nikolaos Milas wrote: > >> Ideally, we would like pdns to be configured to reply to requests *for >> particular names* (under a specific subdomain, say internal.example.com) by >> only providing AAAA records (if available, otherwise no results) and hide A >> records. >> >> This way we could specify (for names under a specific domain), "A" records >> which will contain a Private IP Address, so as to not be visible to the >> Internet but only locally. > > Corrections/Clarifications: > > Ideally, we would like pdns to be configured to reply to requests *for > particular names* (under a specific subdomain, say internal.example.com) by > only providing AAAA records (if available, otherwise no results) and hide A > records to all requests, except to those from our own networks (as would be > configured), to which full replies would be provided. > > This way we could specify (for names under a specific domain), "A" records > which will contain a Private IP Address, so as to not be visible to the > Internet but only locally (to our own networks, which would be specified > explicitly).
This sounds a bit like a special case for split horizon DNS. I promised to configure a demo using powerdns with LDAP backend for this based on OpenLDAP ACLs and several powerdns instances using different LDAP identities. Feel free to come here and ask whether I managed to get it working in time: https://chemnitzer.linux-tage.de/2015/en/programm/beitrag/134 Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users