Nameservers not reachable by the roots

ewilts at ewilts at
Tue Feb 21 15:01:47 UTC 2006

Do nameservers have to be reachable by the roots?  I've got a weird
case where the nameservers are behind firewalls and should only be
reachable for users who tunnel in.  So, for example, I'd like to have a
domain with DNS server entries and  When
the tunnel is up, these are reachable.  When the tunnel is down,
they're not.  However, nobody will be able to determine the validity of
the domain unless they have a tunnel.  Is this allowed in DNSland?  We
seem to recall that registrars don't want you to register a domain
without a valid DNS server - in this case, it doesn't appear valid to
the registrar even though it is for the people that have the
authorization to look up the entries in the domain.


