On 13/11/2021 07:16, Erich Eckner wrote:
On Sat, 13 Nov 2021, Reindl Harald wrote:

> On 12.11.21 at 18:55, lejeczek via bind-users wrote:
>> On 12/11/2021 17:14, Reindl Harald wrote:
>>> wouldn't it be easier to set up two different subdomains, in which case you don't need delegation at all - your local named would host the internal subdomain and do recursion for everything else
>>>
>>> i mean when it's private and not www why does the world need to know about the subdomain?
>>>
>> Because I might not be able to control nor have input into local-private bind(s) and thus...
>> clients/nodes on private networks would query www/public bind and only then would learn of 'priv.zone.top' and then, via that delegation to my own binds, 'priv.zone.top' would be served to local-private networks.
>> - here is where 'views' come to mind, on my binds...

> don't get me wrong but when you a) control a local bind where b) a public resolver delegates a subzone you should also be able to control that clients in this network use your named via dhcp

The problem arises as soon as you have some clients *outside* of this local net (inside some other local net) which should also resolve the internal ips - this is what I have, and why I use a public zone for my private addresses: most hosts are within my lan behind my own dns server, but some are "outside" but reachable via vpn - but I do not want to route all dns traffic for those through vpn, nor do I want to deploy dns servers for each of those machines.

@Erich
So that's allowed (& will work?) by bind protocols? On my own bind facing www & serving my subdomain (delegated from public registrar) I resolve to & serve private IPs? That's the easiest way out I was hoping for, in my tricky situation (being a part of a large org, it's often bureaucracy which defeats everybody). I too employ vpn and, for similar reasons, I'd prefer my www-facing bind to resolve my private IPs for... who should give a toss but me only? To me it's very basic logic - if a user cannot get to a site - URLs of which only informed regular users should know in the first place - that is my business, right? (and precisely what I want)

many thanks, L

