| Started by | Grant Taylor <gtaylor@tnetconsulting.net> |
|---|---|
| First post | 2020-05-06 14:29 -0600 |
| Last post | 2020-05-06 17:38 -0400 |
| Articles | 2 — 2 participants |
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: What is the proper way to delegate to a private / hidden sub-domain? Grant Taylor <gtaylor@tnetconsulting.net> - 2020-05-06 14:29 -0600
Re: What is the proper way to delegate to a private / hidden sub-domain? "John Levine" <johnl@iecc.com> - 2020-05-06 17:38 -0400
| From | Grant Taylor <gtaylor@tnetconsulting.net> |
|---|---|
| Date | 2020-05-06 14:29 -0600 |
| Subject | Re: What is the proper way to delegate to a private / hidden sub-domain? |
| Message-ID | <mailman.364.1588797009.942.bind-users@lists.isc.org> |
On 5/6/20 2:21 PM, John Levine wrote:
> Don't Do That.

That's one of the hard requirements of what I'm doing. Not doing that is not an option.

> This really seems like ordinary split horizon DNS.

Please explain what you mean by "split horizon DNS" like I'm a n00b, because obviously my understanding of it differs from what your understanding seems to be.

--
Grant. . . .
unix || die
| From | "John Levine" <johnl@iecc.com> |
|---|---|
| Date | 2020-05-06 17:38 -0400 |
| Message-ID | <mailman.367.1588801131.942.bind-users@lists.isc.org> |
| In reply to | #15731 |
In article <mailman.364.1588797009.942.bind-users@lists.isc.org> you write:
>> This really seems like ordinary split horizon DNS.
>
>Please explain what you mean by "split horizon DNS" like I'm a n00b,
>because obviously my understanding of it differs from what your
>understanding seems to be.

The DNS server sends different answers depending on the client IP, so on your internal network it sees the private subdomain, everywhere else sees an ENT or NXDOMAIN.

If you really have to use physically separate servers for reasons that you can't explain, I suppose putting the two servers at the same IP address facing different networks could work, although you're asking for trouble with route leaks anytime someone adjusts a router anywhere near one or the other.

Remember that with normal anycast all of the mirrors send identical or at least equivalent answers so the routes are not a security issue.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
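The single-server split horizon setup described in the reply above, sketched as BIND views. This is an added example, not configuration posted by either participant; the zone name `example.com`, the label `private`, the 10.0.0.0/8 network and the file paths are all assumed placeholders.

```conf
// Added example: split horizon DNS with BIND views.
// Zone name, networks and file paths are assumed placeholders.

acl "internal-nets" {
    10.0.0.0/8;      // assumed internal address space
    localhost;
};

// Views are tried in the order they appear. The first view whose
// match-clients list matches the query's source address answers it.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    allow-recursion { "internal-nets"; };

    zone "example.com" {
        type master;
        // This copy of the zone carries the private names, e.g.
        //   host1.private.example.com.  IN A  10.1.2.3
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };   // every client not matched above
    recursion no;

    zone "example.com" {
        type master;
        // This copy has no records at or below private.example.com,
        // so outside clients get NXDOMAIN for those names.
        file "external/example.com.zone";
    };
};

// Once any view is defined, every zone statement must sit inside a view.
```

Run `named-checkconf` on the file before reloading, then query the same private name with `dig` from an internal host and from an outside host to confirm that only the internal client gets an answer.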