host your subdomain on your own ?
Erich Eckner
bind at eckner.net
Sat Nov 13 07:16:13 UTC 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, 13 Nov 2021, Reindl Harald wrote:
> Am 12.11.21 um 18:55 schrieb lejeczek via bind-users:
>> On 12/11/2021 17:14, Reindl Harald wrote:
>>> wouldn't it be easier to setup two different subdomains in which case you
>>> don't need delegation at all - your local named would hist the internal
>>> subdomain and doing recursion for everything else
>>>
>>> i mean when it's private and not www why does the world need to know about
>>> the subdomain?
>>>
>> Because I might not be able to control nor have input into local-private
>> bind(s) and thus...
>> clients/nodes on private networks would query www/public bind and only then
>> would learn of 'priv.zone.top' and then, via that delegation to my own
>> binds, 'priv.zone.top' would be served to local-private networks.
>> - here is where 'views' come to mind, on my binds...
>
> don't get me wrong but when you a) control a local bind where b) a public
> resolver delegates a subzone you should also be able to control that clients
> in this network use your named via dhcp
The problem arises, as soon as you have some clients *outside* of this
local net (inside some other local net), which should also resolve the
internal ips - this is, what I have, and why I use a public zone for my
private addresses: Most hosts are within my lan behind my own dns server,
but some are "outside", but reachable via vpn - but I do not want to route
all dns traffic for those through vpn, neither do I want to deploy dns
servers for each of those machines.
regards,
Erich
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmGPZj8ACgkQCu7JB1Xa
e1rJdg/+P+7n1FXtDvqSS1upOYL4mAuHATSbaXnYM8bg8mrcpFOPkZ8bIIj4Srsy
89YzSR/xp9ySKp+OfzHe0LpwqAgVMhagcrQtUcc3WUIK5xHG9nYOgmZFuR5PSzWX
kh+mDRLkCu81/MmVoKsCDrYrxHAv5gMHK82M0S6pt+bMLwOQl5xddYF9whCC9tvu
HFx3Dd1ZGZdnr2cBH4oQ+od8fVeN0HW7Ve+XfupQbbj2vx9yZ8fT/BhidwycGOSw
9GvtQhnSr4vj1+UpWMGI+IkcIXjipWTAQ/e5Cy7ix4ai2w6NsDAdXdXpWy3Aym39
OVipulxjsMtAKY+/RfAF7MTAUtPRSWmbyiXIjc+PQ066M8pNpEgDbbJQDD9WcNMi
wHAFmSSLOECqaHw7UFxGMZArW2pu+vdBmIEGxEzPGgFIkfQSaRfnEgNSDEd3pFoc
HN+ieTTYwJLwvluUc9X7Wj3XzOihnQarZKQf/QDpGh9BQO+jdR2HD1xPtobbWSWw
c8tmMcqWr3Xsxu51j+YmnuLtXoEd8UCINXMAZl7/t3JE+xz6huBBe8niATrO7f2f
mgEZWILyMVfNN6pATYRDqDndkRUT3v9AlpGtHGrGAtCdD7gghMQlzaDN95Q7ZBk1
ybIZFyN6/IPCU5IOXFtPCeRpkjTj2zfavJk+wFlqFwpf/54O56I=
=MkWj
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list