[Pdns-users] Private IP Addresses in DNS Records

Kevin P. Fleming kevin at km6g.us
Fri May 14 12:50:19 UTC 2021


On Fri, May 14, 2021 at 8:41 AM Brian Candler via Pdns-users
<pdns-users at mailman.powerdns.com> wrote:
>
> If you really care (and honestly, it's security-through-obscurity) then
> you can run a separate auth server for your internal DNS, and stick it
> on a private IP address that only your internal resolvers can reach.

I agree with this sentiment; my publicly-visible zones contain records
with both private addresses and with non-reachable public addresses
(IPv6 GUAs), and I'm fine with that. If someone can learn the address
of one of those systems, that doesn't cause any harm.


More information about the Pdns-users mailing list