[Pdns-users] Prevent external lookup of (private) subdomains
informant at trinaxab.se
informant at trinaxab.se
Wed Sep 22 09:54:57 UTC 2021
July 9, 2021 5:12 PM, "Brian Candler" <b.candler at pobox.com> wrote:
> On 09/07/2021 15:29, informant at trinaxab.se wrote:
>
>> Specifically, the intention is to use a single wildcard certificate *.intra.example.com rather than
>> one for each subdomain. I don't know if that changes anything.
> No difference. You just need to be able to insert TXT records in the zone
>
> _acme-challenge.intra.example.com
>
> to get a wildcard cert for *.intra.example.com. (Note that wildcard certs only match one level:
> e.g. "accounts.intra.example.com" will match but not "mail.accounts.intra.example.com")
How do I set this up? I haven't really worked with DNS on this level before. I find things relating to DNS updates, AXFR, TSIG and master/slave configurations, but I'm not sure which of those are relevant.
More information about the Pdns-users
mailing list