On 8/2/22 3:29 PM, Robert Moskowitz wrote:
My clients use my internal view. My external view has:
match-clients { any; };
match-destinations { any; };
allow-query { any; };
allow-query-cache { localhost; };
recursion no;
It's been a while but I don't think you need to respond to requests for
'.' ... so I think you can block access to all zones except the one you
want to respond for.
I am way behind the times, as I really have not made any significant
changes to my config for a couple years. Things have been stable.
And I am running CentOS7-arm which only has 9.11.4...
BTW, I am in the market for an 'affordable' DNS box to run here and get
out of the business of maintaining my own software. I am approaching
72, and not something I want to do anymore. And I have not seen a
service provider that would let me really config my own zone files...
I was in the same boat and ended up shifting my personal stuff to
Route53 in Amazon AWS. It costs like, $1 a month per zone to host and
nobody is going to be killing Route53.
You can configure all the records in the zone however you like, and
there are APIs if you want to script things so things like a residential
network connection you can have it update its A record in Route53 with
a script when the IP changes.
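
The restriction suggested in the reply above (refuse everything in the external view except the zone being served), written out as a named.conf fragment. This is an added example, not part of the original messages or anyone's actual configuration; the view name, the zone name example.com and the zone file path are placeholders.

```conf
// Added example: external view that answers only for its own zone.
// "external", example.com and the file path are placeholders (assumptions).
view "external" {
    match-clients { any; };
    match-destinations { any; };

    recursion no;                       // authoritative only, as in the posted view
    allow-query-cache { localhost; };   // unchanged from the posted view

    // Changed from { any; }: the view-level default now refuses queries,
    // so names outside the zones below (including ".") get REFUSED.
    allow-query { none; };

    zone "example.com" {
        type master;
        file "external/example.com.zone";
        // A zone-level allow-query overrides the view-level default,
        // so this zone is still answered for everyone.
        allow-query { any; };
    };
};
```

`named-checkconf` validates the syntax before a reload. Afterwards, a query from outside for a name not under the zone, such as `dig @<server> . NS +norec`, should come back with status REFUSED.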