Grant Taylor <gtaylor=40tnetconsulting....@dmarc.ietf.org> wrote: > > Is there a best practice around this method of delegating to sub-domain(s) > that are inaccessible to the public?
I recommend having an empty public view of your private zone, so that external queries succeed with NXDOMAIN / NODATA. Returning REFUSED for a private zone causes retries, and not responding at all causes even worse problems such as EDNS fallback attempts. I haven't tried delegating to RFC1918 addresses, but that is likely to cause similar weirdness. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Bailey: South 3 or 4, becoming cyclonic 5 to 7, occasionally gale 8 for a time. Slight or moderate, becoming rough or very rough. Rain. Moderate or poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
