In article <mailman.364.1588797009.942.bind-us...@lists.isc.org> you write:
>> This really seems like ordinary split horizon DNS.
>
>Please explain what you mean by "split horizon DNS" like I'm a n00b,
>because obviously my understanding of it differs from what your
>understanding seems to be.

The DNS server sends different answers depending on the client IP, so on your internal network it sees the private subdomain, everywhere else sees an ENT or NXDOMAIN.

If you really have to use physically separate servers for reasons that you can't explain, I suppose putting the two servers at the same IP address facing different networks could work, although you're asking for trouble with route leaks anytime someone adjusts a router anywhere near one or the other. Remember that with normal anycast all of the mirrors send identical or at least equivalent answers so the routes are not a security issue.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
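
A BIND `named.conf` sketch of the single-server split-horizon setup described in the message above, added here as an illustration and not taken from the thread. The ACL name, address ranges, zone name `example.com` and file paths are assumptions.

```conf
// Constructed example: all names, networks and file paths are placeholders.
acl internal-nets {
    10.0.0.0/8;
    192.168.0.0/16;
    localhost;
};

options {
    directory "/var/named";
};

// Views are tested in order; the first one whose match-clients matches the
// query's source address answers. The internal view must come first,
// otherwise "any" in the external view would catch inside clients too.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // includes the private subdomain
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.zone";   // private subdomain left out
    };
};
```

`named-checkconf` validates the syntax, and querying the same name with `dig` from an inside and an outside address confirms that each view answers as intended.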