<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>I'm trying to set a simple authoritative server that is also a
recursive server for my network. The idea is that for my domain
(lets say domain.com), I want the server the answer with the aa
flag enabled, and for my IP ranges it should answer with the
addresses in the database. Everything else should be send to the
recursive server.</p>
<p>So, I've set powerdns on localhost:5300, with MySQL backend and
using nsedit to edit my domains. This is working (the full config
is below).<br>
</p>
<p>I've set powerdns-recursive on localhost:5301 to answer the
recursive requests (full config also below).<br>
</p>
<p>Last, I've set dnsdist to <myIP>:53. The idea is that DNS
requests asking for <domain.com>, <myip4> and
<myip6> should go to powerdns. Everything else should go to
powerdns-recursor. Simple, I guess. My problem is that I'm
confused with the dnsdist config, so I would like to ask what I
should add in there. So far, my config is the following:</p>
<p>setLocal('0.0.0.0:53')<br>
addLocal('0::0:64')<br>
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access<br>
newServer({address='127.0.0.1:5300', pool='auth'})<br>
newServer({address='127.0.0.1:5301', pool='recursor'})<br>
recursive_ips = newNMG()<br>
recursive_ips:addMask('0.0.0.0/0') -- These network masks are the
ones from allow-recursion in the Authoritative Server<br>
recursive_ips:addMask('::0/0')<br>
addAction({"<mydomain>."}, PoolAction("auth"))<br>
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))<br>
addAction(AllRule(), PoolAction('auth'))<br>
-- disable security status polling via DNS<br>
setSecurityPollSuffix("")<br>
</p>
<p>This work, but only for the domain. Queries for my ip addresses
are being sent to the recursor. If I replace the 'addAction({"<mydomain>."},
PoolAction("auth"))' with<br>
</p>
<p>addAction({"<mydomain>.", "<myip6range>",
"myip4range"}, PoolAction("auth"))</p>
<p>Nothing is sent to the authoritative server; The right setup is
probably simple, but I can't figure what it should be. Could
somebody give me a hand?</p>
<p>Thanks,</p>
<p>Roberto</p>
<p><br>
</p>
<p>PS: I'm using Ubuntu 20.04, pdns 4.2.1-1, installed via apt.
dnsdist is version 1.4.0, also using apt. My setup for pdns is:</p>
<p>api=yes<br>
api-key=<some key><br>
include-dir=/etc/powerdns/pdns.d<br>
launch=gmysql<br>
gmysql-host=127.0.0.1<br>
gmysql-user=powerdns<br>
gmysql-dbname=powerdns<br>
gmysql-password=<some password><br>
gmysql-dnssec=yes<br>
local-address=127.0.0.1<br>
local-ipv6=::1<br>
local-port=5300<br>
security-poll-suffix=<br>
setgid=pdns<br>
setuid=pdns<br>
webserver=yes<br>
</p>
<p>My recursor.conf is:</p>
<p>allow-from=0.0.0.0/0 ::0/0<br>
config-dir=/etc/powerdns<br>
forward-zones=<mydomain>=127.0.0.1:5300<br>
hint-file=/usr/share/dns/root.hints<br>
include-dir=/etc/powerdns/recursor.d<br>
local-address=127.0.0.1, ::1<br>
local-port=5301<br>
lua-config-file=/etc/powerdns/recursor.lua<br>
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat<br>
quiet=yes<br>
security-poll-suffix=<br>
setgid=pdns<br>
setuid=pdns<br>
<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-signature">-- <br>
<img src="cid:part1.B54F4606.209C88A6@fundunesp.org.br" border="0"></div>
<div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
<tr>
<td style='border:none;padding:0px 15px 0px 8px'>
<a href="http://www.avg.com/internet-security">
<img border=0 src="http://static.avast.com/emails/avg-mail-stamp.png" alt="Logotipo da AVG" />
</a>
</td>
<td>
<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
Este email foi verificado quanto a vĂrus pelo software AVG AntiVirus.
<br><a href="http://www.avg.com/internet-security">www.avg.com</a>
</p>
</td>
</tr>
</table>
<br />
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></body>
</html>