Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Kevin P. Fleming via Pdns-users
On Fri, May 14, 2021 at 12:42 PM Brian Candler via Pdns-users wrote:
>
> On 14/05/2021 16:13, Nikolaos Milas wrote:
> > Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs);
> > GUAs are reachable indeed.
> GUAs aren't necessarily reachable: you can have internal ranges that are
> n

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 16:13, Nikolaos Milas wrote:
> Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs);
> GUAs are reachable indeed.

GUAs aren't necessarily reachable: you can have internal ranges that are not routed, or blocked by ACLs. Or he might have meant ULAs. Either way, I agree

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Nikolaos Milas via Pdns-users
On 14/5/2021 3:50 PM, Kevin P. Fleming wrote:
> I agree with this sentiment; my publicly-visible zones contain records with both private addresses and with non-reachable public addresses (IPv6 GUAs), and I'm fine with that. If someone can learn the address of one of those systems, that doesn't c

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Kevin P. Fleming via Pdns-users
On Fri, May 14, 2021 at 8:41 AM Brian Candler via Pdns-users wrote:
>
> If you really care (and honestly, it's security-through-obscurity) then
> you can run a separate auth server for your internal DNS, and stick it
> on a private IP address that only your internal resolvers can reach.

I agree w

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote:
> 2. If anyone on the Internet looks up *directly* a particular hostname under private.noa.gr zone (e.g. example.private.noa.gr), won't they be able to see data about it? Shouldn't we somehow deny all Internet requests for that particular

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Nikolaos Milas via Pdns-users
On 14/5/2021 10:17 AM, fr...@tembo.be wrote:
> To keep them hidden, what I would recommend, is to create private.noa.gr as a separate zone (so add NS records for it in the noa.gr zone and create a new zone), and add example.private.noa.gr

[Pdns-users] Private IP Addresses in DNS Records

2021-05-13 Thread Nikolaos Milas via Pdns-users
Hello, We are using PowerDNS Authoritative Server 4.1.14 with LDAP backend. In our setup we are hosting our organization domain (noa.gr) and there are a number of additional servers which are synced via AXFR. In this setup we do NOT host name records for internal hosts with private IP address