[Pdns-users] Prevent external lookup of (private) subdomains

Brian Candler b.candler at pobox.com
Fri Jul 9 15:12:42 UTC 2021


On 09/07/2021 15:29, informant at trinaxab.se wrote:
> Specifically, the intention is to use a single wildcard certificate 
> *.intra.example.com rather than one for each subdomain. I don't know 
> if that changes anything.

No difference.  You just need to be able to insert TXT records in the zone

_acme-challenge.intra.example.com

to get a wildcard cert for *.intra.example.com.  (Note that wildcard 
certs only match one level: e.g. "accounts.intra.example.com" will match 
but not "mail.accounts.intra.example.com")

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210709/3dc7836b/attachment.htm>


More information about the Pdns-users mailing list