[Pdns-users] Private IP Addresses in DNS Records
Brian Candler
b.candler at pobox.com
Fri May 14 12:41:36 UTC 2021
On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote:
> 2. If anyone on the Internet looks up *directly* a particular hostname
> under private.noa.gr zone (e.g. example.private.noa.gr), won't they be
> able to see data about it? Shouldn't we somehow deny all Internet
> requests for that particular zone (in addition to AXFRs), and only
> allow internal requests?
>
> If so, how do we configure PowerDNS (Authoritative) to allow requests
> only from specific IP ranges for that particular zone?
If you really care (and honestly, it's security-through-obscurity) then
you can run a separate auth server for your internal DNS, and stick it
on a private IP address that only your internal resolvers can reach.

You could also stick dnsdist in front of your main auth server - but
unless you need it for other reasons, I'd say that's just another layer
of complexity.