Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Kevin P. Fleming via Pdns-users
On Fri, May 14, 2021 at 12:42 PM Brian Candler via Pdns-users wrote:
>
> On 14/05/2021 16:13, Nikolaos Milas wrote:
> > Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs);
> > GUAs are reachable indeed.
> GUAs aren't necessarily reachable: you can have internal ranges that are
>

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 16:13, Nikolaos Milas wrote:
> Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs);
> GUAs are reachable indeed.

GUAs aren't necessarily reachable: you can have internal ranges that are not routed, or blocked by ACLs. Or he might have meant ULAs. Either way, I agree

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Nikolaos Milas via Pdns-users
On 14/5/2021 3:50 PM, Kevin P. Fleming wrote: I agree with this sentiment; my publicly-visible zones contain records with both private addresses and with non-reachable public addresses (IPv6 GUAs), and I'm fine with that. If someone can learn the address of one of those systems, that doesn't

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Kevin P. Fleming via Pdns-users
On Fri, May 14, 2021 at 8:41 AM Brian Candler via Pdns-users wrote:
>
> If you really care (and honestly, it's security-through-obscurity) then
> you can run a separate auth server for your internal DNS, and stick it
> on a private IP address that only your internal resolvers can reach.

I agree

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote: 2. If anyone on the Internet looks up *directly* a particular hostname under private.noa.gr zone (e.g. example.private.noa.gr), won't they be able to see data about it? Shouldn't we somehow deny all Internet requests for that particular

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Nikolaos Milas via Pdns-users
On 14/5/2021 10:17 AM, fr...@tembo.be wrote: To keep them hidden, what I would recommend, is to create private.noa.gr as a separate zone (so add NS records for it in the noa.gr zone and create a new zone), and add example.private.noa.gr

Re: [Pdns-users] PDNS working on localhost but not publicly

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 02:55, Steven Garner via Pdns-users wrote: The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP address to the PDNS server's 192.168.1.2 private IP address is RouterOS 6.42.12, NAT/port forwarded: /ip firewall nat add