[Pdns-users] Private IP Addresses in DNS Records
Nikolaos Milas
nmilas at admin.noa.gr
Fri May 14 12:03:53 UTC 2021
On 14/5/2021 10:17 a.m., frank at tembo.be wrote:
> To keep them hidden, what I would recommend, is to create
> private.noa.gr as a separate zone (so add NS records for it in the
> noa.gr zone and create a new zone), and add example.private.noa.gr
> to that zone. You can then deny AXFRs for that zone. People who can
> AXFR noa.gr can still see that a private.noa.gr zone exists (as they
> would see the NS delegation), but they can't see what's in it.
Thank you Frank,

Some questions:

1. How can we configure PowerDNS (Authoritative) to deny AXFRs for a
particular zone? I have seen domainmetadata documentation at:
https://doc.powerdns.com/authoritative/domainmetadata.html
but this functionality is documented as not available for non-DNSSEC
capable backends as is ours (LDAP).

2. If anyone on the Internet looks up *directly* a particular hostname
under private.noa.gr zone (e.g. example.private.noa.gr), won't they be
able to see data about it? Shouldn't we somehow deny all Internet
requests for that particular zone (in addition to AXFRs), and only allow
internal requests?

If so, how do we configure PowerDNS (Authoritative) to allow requests
only from specific IP ranges for that particular zone?

Thanks again,
Nick
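
The effect of the delegation described in the quoted text, as an added example that is not part of the original thread: a small audit that reports which RFC 1918 addresses and which delegations a transfer of the parent zone exposes. The zone lines, the addresses and the name ns-int.noa.gr are constructed for illustration.

```python
import ipaddress

# Constructed sample data: what a transfer of noa.gr could return before and
# after the internal host is moved into a delegated private.noa.gr zone.
# All addresses and the name ns-int.noa.gr are made up for this example.
PARENT_BEFORE = """\
www.noa.gr.              3600 IN A   192.0.2.10
example.private.noa.gr.  3600 IN A   10.1.2.3   ; internal host
"""
PARENT_AFTER = """\
www.noa.gr.              3600 IN A   192.0.2.10
private.noa.gr.          3600 IN NS  ns-int.noa.gr.
ns-int.noa.gr.           3600 IN A   192.0.2.53
"""

# Explicit RFC 1918 ranges; ipaddress.is_private is broader (it also covers
# documentation ranges such as 192.0.2.0/24), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(text):
    """True if text is an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return addr.version == 4 and any(addr in net for net in RFC1918)

def parse(zone_text):
    """Yield (owner, rtype, rdata) from 'name ttl IN type rdata' lines."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        yield owner.lower(), rtype.upper(), rdata.strip()

def audit(zone_text, apex="noa.gr."):
    """Summarise what a zone transfer of the parent zone reveals."""
    private, delegations = [], set()
    for owner, rtype, rdata in parse(zone_text):
        if rtype == "A" and is_rfc1918(rdata):
            private.append((owner, rdata))
        elif rtype == "NS" and owner != apex:
            delegations.add(owner)             # child zone cut is visible
    return {"private_records": private, "delegations": sorted(delegations)}
```

The audit covers only what a transfer of the parent zone shows. Direct queries for names inside the child zone, the subject of question 2 above, are a separate matter.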