[Pdns-users] Lua Scripting
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Dec 12 18:13:57 UTC 2014
Hello Jason,
On 12 Dec 2014, at 19:07 , Jason Frisvold <xenophage at godshell.com> wrote:
> Peter van Dijk wrote:
>> Hello Jason,
>>
>> If your clients are end hosts (i.e. machines with the equivalent of resolv.conf), they should always be talking to a recursor. If your ‘view’ needs are simple (just a few overridden IPs here and there), using pre- or postresolve in the PowerDNS Recursor would suit your needs fine.
>
> I was hoping to make it easy and have the scripting on the authoritative
> server. Internal machines use the internal recursors as normal, and the
> auth server replies with the appropriate data. External clients hitting
> the auth servers would only get the external view.
>
> The data is distinct, there aren't any overlaps.. It's really just a
> security by obscurity layer. In addition to all of the "real" security
> layers as well...
In that case it’s easiest to have a second auth server for internal data, and make sure your recursor talks to that one. You can use forward-zones in the recursor to make that happen.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list