On Thu, Apr 22, 2021 at 5:21 PM Benny Pedersen <[email protected]> wrote:

> On 2021-04-22 16:44, Marco Pizzoli wrote:
>
> > I am afraid you did not get my point.
>
> I don't know your solution then
>
> rpz and qname can be problematic
>
> https://labs.ripe.net/author/wouter_de_vries/making-the-dns-more-private-with-qname-minimisation/
>
> > I needed to have Postfix to solve Internet DNS names, for obvious
> > reasons.
>
> bind9 can have split dns views
>
> > At the same time, I needed to be able to solve Intranet DNS names:
> > monitoring server, backup server, etc...
>
> dns split views is your friend there
>
> > Due also to some other constraints, I ended up relying on static
> > entries in /etc/hosts.
>
> this file is only for when real dns server is down, not used when dns
> server is up
>
> > It was at that time my best bad option.
>
> if you like more help please post more info on the real problem

I appreciate your effort to help, really, but we would probably go off-topic here.

I can just add that the environment in which I was working had the original sin of using the same "internet" DNS domain for both internet and intranet names. So a simple forwarder DNS was not sufficient. We would end up creating N forward-zones, one for every server.

The /etc/hosts solution was the short-term solution for just the Postfix setup. Months later we mitigated the corporate issue by making use of static rpz-zones, via BIND.

I am aware of DNS views, but my understanding of them is to create a separate view of the DNS world based on the client submitting the request... So how would I discriminate a request coming from Postfix in comparison to another coming from my backup agent? Both of them are exiting from the same network-interface of the same server, via the same IP address. Isn't it?
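
A static RPZ zone of the kind mentioned above, as an added illustration that is not part of the original message or the poster's actual configuration. The zone name `rpz.intranet`, the file path, `example.com` and all addresses are constructed placeholders; the forwarder stands in for whatever resolver answers Internet names.

```bind
// named.conf fragment (constructed example)
options {
    recursion yes;
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };  // limit who may use this resolver
    forwarders { 192.0.2.53; };                  // placeholder upstream for Internet names

    // Answers whose query name matches a record in this zone are rewritten
    // for every client of the resolver, so no per-client selection is needed.
    response-policy { zone "rpz.intranet"; };
};

zone "rpz.intranet" {
    type master;
    file "/etc/bind/db.rpz.intranet";   // placeholder path
    allow-query { none; };              // the policy zone itself is not served to clients
    allow-transfer { none; };
};

/*
 * Contents of /etc/bind/db.rpz.intranet (zone-file syntax, shown as a comment).
 * Owner names are the full intranet names written relative to the policy
 * zone, so no trailing dot. Names not listed here resolve normally via the
 * forwarder, which is what lets one domain carry both kinds of name.
 *
 *   $TTL 300
 *   @   IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 300 )
 *       IN NS  localhost.
 *   monitor.example.com   IN A 10.0.0.10
 *   backup.example.com    IN A 10.0.0.11
 */
```

Each intranet host becomes one record in a single policy zone instead of one forward zone per server, and the override applies at the resolver rather than in each host's /etc/hosts.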
