Re: Setup a hidden master

On 2/15/22 1:07 AM, Bjørn Mork wrote: You'll normally get a few update queries to the SOA MNAME if you leave the real master there. This was going through my mind as I read the thread. Aside: BIND secondaries can be configured to forward such updates to the hidden primary. Whether you

Re: Setup a hidden master

Mark Tinka writes: > DNS queries won't be sent to name servers that aren't listed as > authoritative for the zone. You'll normally get a few update queries to the SOA MNAME if you leave the real master there. Whether you should change the MNAME or not is another question... Bjørn -- Visit

RE: Setup a hidden master

Thanks for the quick response and confirmation Ondřej You have helped take my paranoia levels down at least one notch! Andy Baker From: Ondřej Surý Sent: Tuesday, February 15, 2022 10:12 AM To: Andrew Baker Cc: bind-users@lists.isc.org Subject: Re: Setup a hidden master Hi, do both

Re: Setup a hidden master

On 2/15/22 09:06, Andrew Baker via bind-users wrote: Dear List, We are based in the middle east and manage a lot of domains across a lot of tld’s including regional ones. Not all registrars are equal and the DNS services of several weren’t offering what we required. For a number of

Re: Setup a hidden master

Hi, do both, or at least the firewall. But you absolutely must remove the hidden primary from the list of NS both in the parent and child zones. That’s the most important thing to do. Start with that, the rest is just additional layers. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours

Setup a hidden master

Dear List, We are based in the middle east and manage a lot of domains across a lot of tld's including regional ones. Not all registrars are equal and the DNS services of several weren't offering what we required. For a number of operational and political reasons, it was decided to setup a