> My solution is not to mix dynamic update with other access.
> Instead, I put in CNAMEs in the signed zone to a sub-zone (or other zone)
> where I do exclusive dynamic update. This isn't perfect, but it works
> well enough to allow dns-01 (certbot/LetsEncrypt) to be able to refresh my
>
Hi Xinyu,
What matters is the kernel routing table for the addresses of the remote
servers. The query source address can specified by config, but the kernel will
choose which interface to use.
Maybe you can put each interface into their own routing table? How to do this
is OS dependent,
2 matches
Mail list logo