On 10/15/22 1:51 PM, Greg Choules via bind-users wrote:
Hi Grant.
Hi Gred,I'm quickly replying to your message. I'll reply to Matus & Fred later when I have more time for a proper reply.
My understanding is this, which is almost identical to what I did in a former life:client ---recursive_query---> recursive_DNS_server ---non_recursive_query---> internal_auth/Internetwhere: client == laptop/phone/server running stub resolver coderecursive_DNS_server == what Bob is asking about, a recursive-only DNS serverinternal_auth == the other component, an authoritative-only DNS server
ACK I that's the topology I had in my mental map.
Separation of internal and external clients - preventing external ones from accessing internal names - is easily achieved with a couple of views, such as this:
I /absolutely/ agree with you. However "views" is /non-default/. -- To reflect Bob's original message.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users