Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15733
| From | "John Levine" <johnl@iecc.com> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: What is the proper way to delegate to a private / hidden sub-domain? |
| Date | 2020-05-06 17:38 -0400 |
| Organization | Taughannock Networks |
| Message-ID | <mailman.367.1588801131.942.bind-users@lists.isc.org> (permalink) |
| References | <mailman.364.1588797009.942.bind-users@lists.isc.org> <20200506213857.25B5E18DA617@ary.qy> |
In article <mailman.364.1588797009.942.bind-users@lists.isc.org> you write: >> This really seems like ordinary split horizon DNS. > >Please explain what you mean by "split horizon DNS" like I'm a n00b, >because obviously my understanding of it differs from what your >understanding seems to be. The DNS server sends different answers depending on the client IP, so on your internal network it sees the private subdomain, everywhere else sees a ENT or NXDOMAIN. If you really have to use physically separate servers for reasons that you can't explain, I suppose putting the two servers at the same IP addresss facing different networks could work, although you're asking for trouble with route leaks anytime someone adjusts a router anywhere near one or the other. Remember that with normal anycast all of the mirrors send identical or at least equivalent answers so the routes are not a security issue. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Back to comp.protocols.dns.bind | Previous | Next — Previous in thread | Find similar
Re: What is the proper way to delegate to a private / hidden sub-domain? Grant Taylor <gtaylor@tnetconsulting.net> - 2020-05-06 14:29 -0600 Re: What is the proper way to delegate to a private / hidden sub-domain? "John Levine" <johnl@iecc.com> - 2020-05-06 17:38 -0400
csiph-web