[Pdns-users] Private IP Addresses in DNS Records

Brian Candler b.candler at pobox.com
Fri May 14 12:41:36 UTC 2021

On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote:
> 2. If anyone on the Internet looks up *directly* a particular hostname 
> under private.noa.gr zone (e.g. example.private.noa.gr), won't they be 
> able to see data about it? Shouldn't we somehow deny all Internet 
> requests for that particular zone (in addition to AXFRs), and only 
> allow internal requests?
> If so, how do we configure PowerDNS (Authoritative) to allow requests 
> only from specific IP ranges for that particular zone? 

If you really care (and honestly, it's security-through-obscurity) then 
you can run a separate auth server for your internal DNS, and stick it 
on a private IP address that only your internal resolvers can reach.

You could also stick dnsdist in front of your main auth server - but 
unless you need it for other reasons, I'd say that's just another layer 
of complexity.

More information about the Pdns-users mailing list