We have around 200 public external/public DNS zones and we have 1 internal zone. Is it possible to set up PowerDNS in a way to allow us to host 1 internal zone on the same server as our 200 public/external zones? The reason for doing this is that we don't want to run a second set of PowerDNS servers just to host one piddly little internal zone. That's a lot of effort to set up, manage, update etc. If we could somehow co-host the internal zone with all the external zones safely without creating any sort of security issues, that would save us a lot of administration effort. Maybe what I am proposing though just isn't something safe to do.
Replies: 2 comments
We do not run dnsdist in front of our servers but that's a clever solution to the problem. I'll consider that as we wanted to run dnsdist for DoT and DoH. Thank you!
I assume you already run dnsdist in front of your authoritative servers (if not you should really look into it).
I'd imagine a nice ruleset that only allows queries for the internal zone from specific source address ranges denying all others would work (assuming that you don't have customers that can manipulate any of the other zones to point to your internal resources; otherwise separate the servers).
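A sketch of the kind of dnsdist ruleset described in the answer above, added here as an example and not taken from the thread or from the PowerDNS project. The zone name, the client ranges and the backend address are placeholders, and it assumes the authoritative server listens only on loopback so that no query can reach it without passing dnsdist.

```lua
-- dnsdist.conf (added example; all names and addresses are placeholders)

-- Assumption: PowerDNS Authoritative is bound to 127.0.0.1:5300 only.
-- If the backend is also reachable directly, the rules below are bypassed.
setLocal("0.0.0.0:53")
addLocal("[::]:53")

-- The public zones must stay reachable by everyone, so the listener ACL is
-- opened up; the internal zone is restricted by the rule further down.
setACL({"0.0.0.0/0", "::/0"})

newServer({address="127.0.0.1:5300", name="pdns-auth"})

-- Source ranges that may query the internal zone (placeholder ranges).
local internalClients = newNMG()
internalClients:addMask("10.0.0.0/8")
internalClients:addMask("192.168.0.0/16")
internalClients:addMask("fd00::/8")

-- The internal zone and every name below it (placeholder zone name).
local internalZone = newSuffixMatchNode()
internalZone:add(newDNSName("corp.internal.example."))

-- Refuse any query for the internal zone whose source address is outside
-- the allowed ranges. Every other query falls through to the backend.
addAction(
  AndRule({
    SuffixMatchNodeRule(internalZone),
    NotRule(NetmaskGroupRule(internalClients)),
  }),
  RCodeAction(DNSRCode.REFUSED)
)
```

This rule filters by query name only. It does not address the caveat in the answer: a record in one of the public zones that points at an internal resource is still served to everyone.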