Re: What is the proper way to delegate to a private / hidden sub-domain?

Started by: Grant Taylor <gtaylor@tnetconsulting.net>
First post: 2020-05-06 14:37 -0600
Last post: 2020-05-06 17:40 -0400
Articles 2 — 2 participants


This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: What is the proper way to delegate to a private / hidden sub-domain? Grant Taylor <gtaylor@tnetconsulting.net> - 2020-05-06 14:37 -0600
    Re: What is the proper way to delegate to a private / hidden sub-domain? "John Levine" <johnl@iecc.com> - 2020-05-06 17:40 -0400

#15732 — Re: What is the proper way to delegate to a private / hidden sub-domain?

From: Grant Taylor <gtaylor@tnetconsulting.net>
Date: 2020-05-06 14:37 -0600
Subject: Re: What is the proper way to delegate to a private / hidden sub-domain?
Message-ID: <mailman.366.1588797473.942.bind-users@lists.isc.org>

On 5/6/20 2:29 PM, Grant Taylor wrote:
> That's one of the hard requirements of what I'm doing.  Not doing that 
> is not an option.

To elaborate, the internal clients are in a sequestered network which 
will never have outside access to it.  As such, the outside world can 
never query something from a system in it.

Further, the external publicly accessible DNS servers exist elsewhere 
on the Internet to provide just enough zone content to make delegation 
happy.

Perhaps the external publicly accessible parent example.net can 
(blindly) delegate zones to internal private DNS servers.  However I 
dislike this because I believe it leaves things in an unclean state for 
people on the Internet at large.  At the very least it means no route to 
host errors at best or at worst timeouts.

Conversely, what I'm working on will immediately and successfully return 
a response of NXDOMAIN.  Something that I think is cleaner for the 
Internet at large.



-- 
Grant. . . .
unix || die


#15734

From: "John Levine" <johnl@iecc.com>
Date: 2020-05-06 17:40 -0400
Message-ID: <mailman.368.1588801242.942.bind-users@lists.isc.org>
In reply to: #15732

In article <mailman.366.1588797473.942.bind-users@lists.isc.org> you write:
>On 5/6/20 2:29 PM, Grant Taylor wrote:
>> That's one of the hard requirements of what I'm doing.  Not doing that 
>> is not an option.
>
>To elaborate, the internal clients are in a sequestered network which 
>will never have outside access to it.  As such, the outside world can 
>never query something from a system in it.

Can clients on the internal network contact hosts in the outside world,
or is it really disconnected?
