[dns-operations] Link-local IP addresses for a resolver?

Paul Ebersman list-dns-operations at dragon.net
Wed Sep 25 00:03:33 UTC 2019


marka> DNS servers that are expected to be reached across sites need to
marka> be globally unique addresses which ULA and LL are not.

The IP address clients use to reach the resolver doesn't have to be the
same one that the resolver uses as source address when it queries. And
it's not uncommon to have an externally exposed recursive resolver on
the public side of a corporate firewall with queries from an internal
resolver being forwarded.

Using ULA/LL for the clients doesn't mean it can't be used as a
functional resolver via said forwarding/alternate address.

Not saying I think using LL/ULA is a more secure architecture but it can
be functional and should work on the local broadcast domain/LAN.


