[Pdns-users] Prevent external lookup of (private) subdomains

informant at trinaxab.se informant at trinaxab.se
Wed Sep 22 09:54:57 UTC 2021

July 9, 2021 5:12 PM, "Brian Candler" <b.candler at pobox.com> wrote:

> On 09/07/2021 15:29, informant at trinaxab.se wrote:
>> Specifically, the intention is to use a single wildcard certificate *.intra.example.com rather than
>> one for each subdomain. I don't know if that changes anything.
> No difference. You just need to be able to insert TXT records in the zone
> _acme-challenge.intra.example.com
> to get a wildcard cert for *.intra.example.com. (Note that wildcard certs only match one level:
> e.g. "accounts.intra.example.com" will match but not "mail.accounts.intra.example.com")

How do I set this up? I haven't really worked with DNS on this level before. I find things relating to DNS updates, AXFR, TSIG and master/slave configurations, but I'm not sure which of those are relevant.

More information about the Pdns-users mailing list