Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-08 Thread Petr Špaček
On 07. 02. 23 7:45, Matthias Fechner wrote: So if I would like to access idefix.fechner.net, it makes a DNS lookup which returns the A record for idefix.fechner.net, and it sees it does not belong to my interface, so it uses the default gateway to go to my internet provider. It reaches my

Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-07 Thread Matthias Fechner
Hi Nick, and all that are interested, I tried RPZ now and it seems to work fine. I will see if it works with all devices as expected over the next weeks. I think that a device that uses a local resolver that checks DNSSEC will maybe refuse this solution. Just for other users searching for a

Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-06 Thread Nick Tait via bind-users
Hi Matthias. Using a Response Policy Zone on your internal DNS resolver, to change the answers to DNS queries for your domain from 195.30.95.36 to 192.168.0.1, sounds like the solution that most closely matches what you've described. Just be aware though, if you have any internal clients

Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-06 Thread Matthias Fechner
Hi Darren, Hi Nick, at first thanks a lot for your answer. I see that I have not explained my use case in enough detail. I have BIND running for domain fechner.net, but not at home, and this server, I think, is completely out of the discussion here. If I must not touch it, I do not want to touch it as

Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-06 Thread Nick Tait via bind-users
Hi Matthias. It isn't clear whether the issue you're trying to solve is (a) avoiding DNS resolution going out then in to get to your authoritative servers, or (b) with resolved addresses of your servers being the public address which means that data packets sent to/from those servers are

Re: Resolve some hosts that are DNSSEC-signed differently

2023-02-05 Thread Darren Ankney
Matthias, This is what I did to force my resolver BIND instance to look up my internal domain directly on my authoritative BIND instance without asking any other servers (it would have failed anyway, as it is a fake domain "mylocal"): // on resolver (or caching name server) zone "mylocal" { type

Resolve some hosts that are DNSSEC-signed differently

2023-02-04 Thread Matthias Fechner
Dear all, I have a question regarding a setup I use at home. It is for domain idefix.fechner.net. I have at home a small server running with some services on it. As I do not have a public IP, I tunnel traffic using pf on FreeBSD and OpenVPN to route a public IP to my server at home. This