RE: Stealth NS records

A number of places use a 'stealth' (or 'hidden') master as a bit of protection from potential bad actors. It's a network domain barrier between the master (usually on an internal-only network) from a public network with potential bad actors. For example, a dynamic update for a zone will

RE: Stealth NS records

"Stealth" implies something that isn't seen in the normal course of activity, so it's really the *wrong* word to use here, since the apex NS records are seen during normal iterative resolution, and in fact the apex NS records take precedence over the delegated NS records in the sense of RFC

Re: 2 Qs: DNS64 on IPv4 & Bind Sharing VM

Thank you. I'll check that as I configure Bind (are you referencing a specific configuration? I've seen https://www.safaribooksonline.com/library/view/dns-and-bind/9781449308025/ch04.html & http://ipvsix.me/?p=106). But Bind won't throw an error if it can't access an IPv6 network/DNS, right?

Re: 2 Qs: DNS64 on IPv4 & Bind Sharing VM

Add exclude { ::/0; }; to the dns64 definition. It won’t prevent the lookup but will cause the returned to be ignored. -- Mark Andrews > On 3 Apr 2018, at 23:14, Rick Tillery wrote: > > I am creating an IPv6-only subnet to test software for IPv6 compatibility.

2 Qs: DNS64 on IPv4 & Bind Sharing VM

I am creating an IPv6-only subnet to test software for IPv6 compatibility. We just need to check that the software can function correctly in an IPv6 network, so prefixed IPv4 addresses work the same as real IPv6 addresses in this testing. We also don't actually need access to the IPv6 Internet,