On 14.10.22 12:08, Bob McDonald wrote:
> I'm thinking about redesigning an internal DNS environment. To begin
> with, all internal DNS zones would reside on non-recursive servers
> only.

why?

> That said, all clients would connect to recursive resolvers.

don't they now?

> The question is this; do I use an internal root with pointers to the
> internal zones (as well as the outside DNS world) or do I include stub
> zones to point at the non-recursive internal servers?

stub zones, forward zones (forward with recursion bit set) or static-stub zones (send iterative queries to configured servers)

> Access to the internal DNS zones would be controlled by location.

if you have recursive servers in the internal network, you don't need to control access on auth-only servers.

> (e.g. guest WiFi devices would NOT have access to internal DNS
> zones...)
>
> Recursive resolvers would allow implementation of features such as RPZ, etc.

do you need RPZ for internal zones?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
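
The three resolver-side options named in the reply, sketched as a BIND `named.conf` fragment with a separate view for guest clients. This is an added example, not part of the original message; the zone name, ACL names and all addresses are placeholders.

```conf
// Constructed example: zone name, ACL names and addresses are placeholders.
acl guest-wifi { 198.51.100.0/24; };
acl internal   { 10.0.0.0/8; };

view "guest" {
    match-clients { guest-wifi; };
    recursion yes;
    // No internal zones are defined in this view, so guest clients
    // resolve public names only.
};

view "internal" {
    match-clients { internal; };
    recursion yes;

    // Option 1: static-stub. The resolver sends iterative (RD=0) queries
    // to the configured servers and follows any delegations they return.
    zone "corp.example" {
        type static-stub;
        server-addresses { 192.0.2.53; 192.0.2.54; };
    };

    // Option 2: stub. The resolver fetches the zone's NS set from the
    // listed server, then queries those name servers iteratively.
    // zone "corp.example" {
    //     type stub;
    //     primaries { 192.0.2.53; };   // "masters" on older BIND releases
    //     file "stub/corp.example";
    // };

    // Option 3: forward. Queries are sent with the recursion bit set, so
    // the target is asked to recurse; an auth-only server answers only
    // for the zones it serves itself.
    // zone "corp.example" {
    //     type forward;
    //     forward only;
    //     forwarders { 192.0.2.53; 192.0.2.54; };
    // };
};
```

Only one of the three zone statements can be active for a given zone name in a view; `named-checkconf` will report a duplicate if more than one is uncommented.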