On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote:
> 2. If anyone on the Internet looks up *directly* a particular hostname
> under private.noa.gr zone (e.g. example.private.noa.gr), won't they be
> able to see data about it? Shouldn't we somehow deny all Internet
> requests for that particular zone (in addition to AXFRs), and only
> allow internal requests?
>
> If so, how do we configure PowerDNS (Authoritative) to allow requests
> only from specific IP ranges for that particular zone?

If you really care (and honestly, it's security-through-obscurity) then
you can run a separate auth server for your internal DNS, and stick it
on a private IP address that only your internal resolvers can reach.
You could also stick dnsdist in front of your main auth server - but
unless you need it for other reasons, I'd say that's just another layer
of complexity.
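
The dnsdist option mentioned in the reply could look like the following. This is an added example, not part of the original message; the listen address, backend port and internal ranges are assumptions.

```lua
-- Added example: dnsdist configuration (Lua), not from the original thread.
-- All addresses, ports and ranges below are assumed placeholders.

-- Public address that clients currently query.
setLocal("192.0.2.53:53")

-- dnsdist's global ACL: the public zones must stay reachable from anywhere.
setACL({"0.0.0.0/0", "::/0"})

-- The existing PowerDNS Authoritative server, moved behind dnsdist.
newServer({address="127.0.0.1:5300", name="auth"})

-- Internal resolver ranges allowed to query the private zone.
internal = newNMG()
internal:addMask("10.0.0.0/8")
internal:addMask("192.168.0.0/16")

-- The zone from the question, including every name below it.
private = newSuffixMatchNode()
private:add(newDNSName("private.noa.gr."))

-- Answer REFUSED for the private zone unless the source is internal.
-- Queries for all other zones fall through to the backend unchanged.
addAction(
  AndRule({
    SuffixMatchNodeRule(private),
    NotRule(NetmaskGroupRule(internal))
  }),
  RCodeAction(DNSRCode.REFUSED)
)
```

With this layout the authoritative server has to listen only on the loopback address, otherwise clients can query it directly and bypass the rule. AXFR restrictions remain configured on the authoritative server itself.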