Re: host your subdomain on your own ?
On Sat, 13 Nov 2021, Reindl Harald wrote:

> On 12.11.21 at 18:55, lejeczek via bind-users wrote:
>> On 12/11/2021 17:14, Reindl Harald wrote:
>>> wouldn't it be easier to setup two different subdomains in which case you don't need delegation at all - your local named would host the internal subdomain and doing recursion for everything else
>>>
>>> i mean when it's private and not www why does the world need to know about the subdomain?
>>
>> Because I might not be able to control nor have input into local-private bind(s) and thus... clients/nodes on private networks would query www/public bind and only then would learn of 'priv.zone.top' and then, via that delegation to my own binds, 'priv.zone.top' would be served to local-private networks. - here is where 'views' come to mind, on my binds...
>
> don't get me wrong but when you a) control a local bind where b) a public resolver delegates a subzone you should also be able to control that clients in this network use your named via dhcp

The problem arises, as soon as you have some clients *outside* of this local net (inside some other local net), which should also resolve the internal ips - this is, what I have, and why I use a public zone for my private addresses: Most hosts are within my lan behind my own dns server, but some are "outside", but reachable via vpn - but I do not want to route all dns traffic for those through vpn, neither do I want to deploy dns servers for each of those machines.

regards, Erich

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

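Records in a public zone can be looked up by anyone who knows or guesses the name, so when a zone such as priv.zone.top carries private addresses it helps to know exactly which ones it publishes. The following is an added example, not part of the thread: a small zone-file audit that lists A/AAAA records pointing into non-public ranges. The zone contents are constructed, and the parser assumes one record per line with numeric TTLs.

```python
import ipaddress

# Constructed sample zone for priv.zone.top; every name and address is made up.
SAMPLE_ZONE = """\
$ORIGIN priv.zone.top.
$TTL 3600
@      IN NS   ns1
ns1    IN A    198.51.100.53
nas    IN A    10.0.5.20        ; internal file server
       IN A    10.0.5.21
build  300 IN A 192.168.10.7
vpn    IN A    203.0.113.10
wiki   IN AAAA fd12:3456:789a::15
www.priv.zone.top. IN A 172.16.4.4
"""

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # shared, loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 ULA, link-local, loopback
)]

def absolute(name, origin):
    """Expand '@' and relative owner names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def internal_records(zone_text, origin="."):
    """Return (owner, type, address) for A/AAAA records inside INTERNAL_NETS."""
    found, owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # directives: only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        if not line[0].isspace():                 # leading blank = same owner as before
            owner, fields = absolute(fields[0], origin), fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]                   # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() in ("A", "AAAA"):
            addr = ipaddress.ip_address(fields[1])
            if any(addr in net for net in INTERNAL_NETS):
                found.append((owner, fields[0].upper(), str(addr)))
    return found
```

Calling `internal_records(SAMPLE_ZONE)` returns the five internal entries and leaves out `ns1` and `vpn`, whose addresses fall outside the listed ranges.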
Re: host your subdomain on your own ?
On 12.11.21 at 18:55, lejeczek via bind-users wrote:

> On 12/11/2021 17:14, Reindl Harald wrote:
>> wouldn't it be easier to setup two different subdomains in which case you don't need delegation at all - your local named would host the internal subdomain and doing recursion for everything else
>>
>> i mean when it's private and not www why does the world need to know about the subdomain?
>
> Because I might not be able to control nor have input into local-private bind(s) and thus... clients/nodes on private networks would query www/public bind and only then would learn of 'priv.zone.top' and then, via that delegation to my own binds, 'priv.zone.top' would be served to local-private networks. - here is where 'views' come to mind, on my binds...

don't get me wrong but when you a) control a local bind where b) a public resolver delegates a subzone you should also be able to control that clients in this network use your named via dhcp

Re: host your subdomain on your own ?
On Fri, 12 Nov 2021 16:48:23 + lejeczek via bind-users wrote:

> Hi guys.
>
> I'm looking to setup my subdomain in-house and I'm hoping for some wise advice from experts, it's my first foray into this thus go easy on me please.
>
> zone.top - is hosted by a public registrar
> priv.zone.top - I want to delegate to my own bind
> I'd hope for some generic recipe and pointer to docs, thanks.
>
> Now what I think might be the tricky part though I get that an expert might say - trivial.
> I am thinking of 'views' or split-horizon or whatever other nomenclature applies, though I hear that that/those are discouraged by experts?
> Or! might that above be unnecessary(?) if, it's possible and allowed that such public, mine bind will resolve to IPs which are 'private' - all that so my 'priv.zone.top' will resolve to whole www but resources of the zone/domain will be available, as they are, only in/via private networks.
>
> Does that make sense?
> many thanks for all the help. L

So long as you control the dns client configuration of your company's in-house systems, you can do whatever you like. The client connects to an internal dns server, which believes itself to be authoritative for priv.zone.top and responds to queries as expected for that zone. IF you want the public internet to query that subdomain, you'll need that delegation setup in the public dns server for zone.top ( e.g. as obtained via whois ).

If for some reason it's not practical to have the local dns server handle all queries for these in-house systems, you can use something like dnsmasq to route just the priv.zone.top to the internal dns servers. ( off topic for here, but easy enough to find online should you need to )

-- Harry Waddell

Re: host your subdomain on your own ?
On 12/11/2021 17:14, Reindl Harald wrote:

> On 12.11.21 at 17:48, lejeczek via bind-users wrote:
>> Hi guys.
>>
>> I'm looking to setup my subdomain in-house and I'm hoping for some wise advice from experts, it's my first foray into this thus go easy on me please.
>>
>> zone.top - is hosted by a public registrar
>> priv.zone.top - I want to delegate to my own bind
>> I'd hope for some generic recipe and pointer to docs, thanks.
>
> needs to be done in the parent zone by whoever hosts it
>
>> Now what I think might be the tricky part though I get that an expert might say - trivial.
>> I am thinking of 'views' or split-horizon or whatever other nomenclature applies, though I hear that that/those are discouraged by experts?
>> Or! might that above be unnecessary(?) if, it's possible and allowed that such public, mine bind will resolve to IPs which are 'private' - all that so my 'priv.zone.top' will resolve to whole www but resources of the zone/domain will be available, as they are, only in/via private networks.
>>
>> Does that make sense?
>
> wouldn't it be easier to setup two different subdomains in which case you don't need delegation at all - your local named would host the internal subdomain and doing recursion for everything else
>
> i mean when it's private and not www why does the world need to know about the subdomain?

Because I might not be able to control nor have input into local-private bind(s) and thus... clients/nodes on private networks would query www/public bind and only then would learn of 'priv.zone.top' and then, via that delegation to my own binds, 'priv.zone.top' would be served to local-private networks. - here is where 'views' come to mind, on my binds...

but to make it even more tricky - but some expert may still say, trivial - currently deployed binds of mine do not support "split-horizon"

So.. the easiest way out of which I can think would be to have my binds to simply point to those private/local IPs - here I wonder, as a newbie has to, if that would make DNS protocols unhappy or perhaps I get kicked in the teeth right at start.

thanks, L.

Re: host your subdomain on your own ?
On 12.11.21 at 17:48, lejeczek via bind-users wrote:

> Hi guys.
>
> I'm looking to setup my subdomain in-house and I'm hoping for some wise advice from experts, it's my first foray into this thus go easy on me please.
>
> zone.top - is hosted by a public registrar
> priv.zone.top - I want to delegate to my own bind
> I'd hope for some generic recipe and pointer to docs, thanks.

needs to be done in the parent zone by whoever hosts it

> Now what I think might be the tricky part though I get that an expert might say - trivial.
> I am thinking of 'views' or split-horizon or whatever other nomenclature applies, though I hear that that/those are discouraged by experts?
> Or! might that above be unnecessary(?) if, it's possible and allowed that such public, mine bind will resolve to IPs which are 'private' - all that so my 'priv.zone.top' will resolve to whole www but resources of the zone/domain will be available, as they are, only in/via private networks.
>
> Does that make sense?

wouldn't it be easier to setup two different subdomains in which case you don't need delegation at all - your local named would host the internal subdomain and doing recursion for everything else

i mean when it's private and not www why does the world need to know about the subdomain?

host your subdomain on your own ?
Hi guys.

I'm looking to setup my subdomain in-house and I'm hoping for some wise advice from experts, it's my first foray into this thus go easy on me please.

zone.top - is hosted by a public registrar
priv.zone.top - I want to delegate to my own bind
I'd hope for some generic recipe and pointer to docs, thanks.

Now what I think might be the tricky part though I get that an expert might say - trivial.
I am thinking of 'views' or split-horizon or whatever other nomenclature applies, though I hear that that/those are discouraged by experts?
Or! might that above be unnecessary(?) if, it's possible and allowed that such public, mine bind will resolve to IPs which are 'private' - all that so my 'priv.zone.top' will resolve to whole www but resources of the zone/domain will be available, as they are, only in/via private networks.

Does that make sense?
many thanks for all the help. L