On Fri, May 14, 2021 at 8:41 AM Brian Candler via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> If you really care (and honestly, it's security-through-obscurity) then
> you can run a separate auth server for your internal DNS, and stick it
> on a private IP address that only your internal resolvers can reach.

I agree with this sentiment; my publicly-visible zones contain records with both private addresses and with non-reachable public addresses (IPv6 GUAs), and I'm fine with that. If someone can learn the address of one of those systems, that doesn't cause any harm.