[Pdns-users] Prevent external lookup of (private) subdomains

informant at trinaxab.se informant at trinaxab.se
Fri Jul 9 13:43:26 UTC 2021


I intend to set up a PowerDNS authoritative server and recursor, where a few subdomains will be forwarded to the auth server for internal use only. (local IP addresses) We do not wish to allow lookups for these domains by any external host. So far, so good.

Now, additionally, I would like to employ Let’s Encrypt certificates for these private services by using DNS wildcard challenge. This, of course, requires that the DNS server be public. My question, then, is can I set up PowerDNS in such a way that the DNS server allows the necessary lookups required to complete the DNS challenge, but prevents lookups for any subdomains by any external host?

In other words, can I allow lookups for intra.example.com from while only allowing lookups for myservice.intra.example.com from
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210709/a25f63a1/attachment.htm>

More information about the Pdns-users mailing list