Cert for domain with only internal / delegated DNS

Not really, all my DNS servers are IP addresses.

2 Likes

How do your DNS servers find anything? [hard-coded root hints]
All "glue-records" are also kept [as resolved IP addresses] outside of their respective zones.
The entire DNS tree structure is one big [solved] catch-22 problem.

3 Likes

Yeah, fine, great, but setting a hostname as DNS server on a client computer does result in a catch-22 as those systems will NOT recursively resolve a hostname from the root up.

2 Likes
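The two posts above (root hints plus glue records breaking the bootstrap problem, and a stub resolver that will not walk the tree from the root by itself) can be shown in working code. The following is an added example, not code from any poster or project in this thread: a toy iterative resolver over an in-memory zone tree. All zones, hostnames and addresses (`example.test.`, `noglue.test.`, `198.51.100.x`, `192.0.2.x`) are constructed for illustration.

```python
"""Toy iterative DNS resolver over constructed in-memory zones.

Shows why a resolver needs hard-coded root hints and why a delegation to an
in-zone nameserver must carry glue (an A record kept in the *parent*), and
why a client's stub resolver cannot be configured with a hostname.
All data below is constructed for illustration; none of it is real.
"""
import ipaddress
from typing import Dict, Optional, Tuple

# Which zone each authoritative server (identified by IP) serves.
SERVERS: Dict[str, str] = {
    "198.51.100.1": ".",
    "198.51.100.10": "test.",
    "192.0.2.53": "example.test.",
    "192.0.2.54": "noglue.test.",
    "192.0.2.55": "other.test.",
}

# Root hints: the only addresses a resolver knows before its first query.
ROOT_HINTS: Dict[str, Optional[str]] = {"a.root.test.": "198.51.100.1"}

# Per-zone data. "delegations" map child zone -> {ns hostname: glue IP or None}.
# Glue lives in the parent zone, outside the zone it points into.
ZONES = {
    ".": {"records": {},
          "delegations": {"test.": {"ns.nic.test.": "198.51.100.10"}}},
    "test.": {"records": {},
              "delegations": {
                  "example.test.": {"ns1.example.test.": "192.0.2.53"},  # in-zone NS, glue present
                  "noglue.test.": {"ns1.noglue.test.": None},            # in-zone NS, glue missing
                  "other.test.": {"ns2.example.test.": None},            # out-of-zone NS, no glue needed
              }},
    "example.test.": {"records": {"www.example.test.": "192.0.2.80",
                                  "ns1.example.test.": "192.0.2.53",
                                  "ns2.example.test.": "192.0.2.55"},
                      "delegations": {}},
    "noglue.test.": {"records": {"www.noglue.test.": "192.0.2.81",
                                 "ns1.noglue.test.": "192.0.2.54"},
                     "delegations": {}},
    "other.test.": {"records": {"www.other.test.": "192.0.2.82"}, "delegations": {}},
}


class ResolutionError(Exception):
    pass


def _in_zone(name: str, zone: str) -> bool:
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(server_ip: str, name: str) -> Tuple[str, object]:
    """Simulate one query to an authoritative server.
    Returns ("answer", ip), ("referral", (child_zone, {ns: glue})) or ("nxdomain", None)."""
    data = ZONES[SERVERS[server_ip]]
    if name in data["records"]:
        return "answer", data["records"][name]
    # Closest enclosing delegation wins.
    best = None
    for child in data["delegations"]:
        if _in_zone(name, child) and (best is None or len(child) > len(best)):
            best = child
    if best is not None:
        return "referral", (best, data["delegations"][best])
    return "nxdomain", None


def resolve(name: str, depth: int = 0) -> str:
    """Iterate from the root hints, following referrals, like a recursive resolver."""
    if depth > 8:
        raise ResolutionError("too many nested nameserver lookups for " + name)
    candidates = dict(ROOT_HINTS)
    for _ in range(10):  # bound the referral chain
        ip = next((glue for glue in candidates.values() if glue), None)
        if ip is None:
            # No glue: the NS hostname must itself be resolved first (a separate walk).
            ns_name = next(iter(candidates))
            ip = resolve(ns_name, depth + 1)
        kind, payload = authoritative_query(ip, name)
        if kind == "answer":
            return payload
        if kind == "nxdomain":
            raise ResolutionError(f"{name} does not exist")
        child, nsmap = payload
        # Catch-22: every NS lives inside the delegated zone and none has glue,
        # so resolving the NS name would need the very server we are looking for.
        if not any(nsmap.values()) and all(_in_zone(ns, child) for ns in nsmap):
            raise ResolutionError(
                f"delegation of {child} names only in-zone servers ({', '.join(nsmap)}) "
                "and carries no glue: unresolvable")
        candidates = dict(nsmap)
    raise ResolutionError("referral loop for " + name)


def stub_lookup(name: str, configured_server: str) -> str:
    """A client's stub resolver only forwards to an address; it never walks the
    tree, so a hostname in its resolver configuration cannot be used at all."""
    try:
        ipaddress.ip_address(configured_server)
    except ValueError:
        raise ResolutionError(
            f"resolver '{configured_server}' is a hostname, not an address; "
            "a stub resolver cannot bootstrap by name")
    # Assumed: the server at that address is a recursive resolver doing the walk.
    return resolve(name)


if __name__ == "__main__":
    print(resolve("www.example.test."))                       # 192.0.2.80
    print(resolve("www.other.test."))                         # 192.0.2.82 via resolved NS name
    for bad in (lambda: resolve("www.noglue.test."),
                lambda: stub_lookup("www.example.test.", "ns1.example.test")):
        try:
            bad()
        except ResolutionError as e:
            print("failed:", e)
```

`www.other.test.` resolves even though its delegation has no glue, because its nameserver's hostname sits in a different zone and can be looked up on its own; `www.noglue.test.` cannot, because the only route to its nameserver's address runs through that nameserver. The stub case is the situation in the post above: a client configured with a nameserver hostname has nothing to send the first packet to.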

The fuel is in the engine.
It only needs that first spark.

2 Likes

Well, you are correct that if a DNS over HTTPS client can specify hostname along with the IP address, then a domain name certificate can be used too...

1 Like

Is there no chance of using a split-horizon DNS server?

4 Likes

We could, but we don't want to expose our internal DNS or sync our internal DNS to an external server.
And with split-brain DNS there is always the real risk that a client connects to the wrong / external DNS.
We have a big customer with such a DNS setup, and if you have a look in the IT-support Slack channel you know that you never ever want a split-brain DNS or your own internal CA for your intranet certs...

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.