Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15732
| Path | csiph.com!weretis.net!feeder7.news.weretis.net!paganini.bofh.team!news.killfile.org!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Grant Taylor <gtaylor@tnetconsulting.net> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: What is the proper way to delegate to a private / hidden sub-domain? |
| Date | Wed, 6 May 2020 14:37:59 -0600 |
| Lines | 119 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.366.1588797473.942.bind-users@lists.isc.org> (permalink) |
| References | <20200506202139.6F9EB18D9BE2@ary.qy> <18371e2e-ca0b-8d92-a634-043a468d2e70@tnetconsulting.net> <7a65a836-b273-b10c-b1eb-cc0e8407befe@tnetconsulting.net> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms050809070003050203040007" |
| X-Trace | usenet.stanford.edu 1588797487 31907 149.20.1.60 (6 May 2020 20:38:07 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <gtaylor@tnetconsulting.net> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=simple/simple; d=tnetconsulting.net; s=2019; t=1588797482; bh=fcOQ40tNMeY12tZShSzx54aVH+ObPET6/5m7GNeU8ng=; h=Subject:From:To:References:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Cc:Content-Disposition: Content-Language:Content-Transfer-Encoding:Content-Type:Date:From: In-Reply-To:Message-ID:MIME-Version:References:Reply-To: Resent-Date:Resent-From:Resent-To:Resent-Cc:Sender:Subject:To: User-Agent; b=oAXuHwbnz1zCOBzjgDhqNlyOTX7OK8dkM4oYoPw6w+ejJGXcXG7PAU1PPPzA5jzzv laRh2+nqjdwzkF0wwicbtFrqtfsZisyZ0+zWfLmNz0Aq1ESZD0rFaVzY4b6Y46K0Fl 2Zm8QRG9ybWogRsv9QVebW/alh1PLuR0/i1DsTgU= |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 |
| In-Reply-To | <18371e2e-ca0b-8d92-a634-043a468d2e70@tnetconsulting.net> |
| X-Spam-Status | No, score=-2.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,GPG_SIGNED,RCVD_IN_DNSWL_NONE, SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <7a65a836-b273-b10c-b1eb-cc0e8407befe@tnetconsulting.net> |
| X-Mailman-Original-References | <20200506202139.6F9EB18D9BE2@ary.qy> <18371e2e-ca0b-8d92-a634-043a468d2e70@tnetconsulting.net> |
| Xref | csiph.com comp.protocols.dns.bind:15732 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
On 5/6/20 2:29 PM, Grant Taylor wrote: > That's one of the hard requirements of what I'm doing. Not doing that > is not an option. To elaborate, the internal clients are in a sequestered network which will never have outside access to it. As such, the outside world can never query something from a system in it. Further, the external publicaly accessible DNS servers exist elsewhere on the Internet to provide just enough zone content to make delegation happy. Perhaps the external publicaly accessible parent example.net can (blindly) delegate zones to internal private DNS servers. However I dislike this because I believe it leaves things in an unclean state for people on the Internet a large. At the very least it means no route to host errors at best or at worst timeouts. Conversly, what I'm working on will immediately and successfully return a response of NXDOMAIN. Something that I think is cleaner for the Internet at large. -- Grant. . . . unix || die
Back to comp.protocols.dns.bind | Previous | Next — Next in thread | Find similar | Unroll thread
Re: What is the proper way to delegate to a private / hidden sub-domain? Grant Taylor <gtaylor@tnetconsulting.net> - 2020-05-06 14:37 -0600 Re: What is the proper way to delegate to a private / hidden sub-domain? "John Levine" <johnl@iecc.com> - 2020-05-06 17:40 -0400
csiph-web