<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Oops.</p>
    <p>A small correction. In the "addLocal" directive below, the IPv6
      address I posted is wrong. The correct entry would be:</p>
    <p>addLocal('[0::0]:53')<br>
      <br>
    </p>
    <div class="moz-cite-prefix">On 05/11/2020 10:00, Roberto Greiner
      via dnsdist wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:bfb479ab-8976-b12f-8cb6-94228d65a259@fundunesp.org.br">
      <p>Since I posted this, no one has answered with help, so
        yesterday I ran some new tests, searched for new documentation
        and found out how to make this work. My final configuration
        became this:</p>
      <p>setLocal('0.0.0.0:53')<br>
        addLocal('0::0:64')<br>
        setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access<br>
        <br>
        newServer({address='127.0.0.1:5300', pool='auth'})<br>
        newServer({address='127.0.0.1:5300', pool='reverse'})<br>
        newServer({address='127.0.0.1:5301', pool='recursor'})<br>
        newServer({address='127.0.0.1:5302', pool='blackhole'})<br>
        <br>
        recursive_ips = newNMG()<br>
        recursive_ips:addMask('&lt;my IPv4 network&gt;') -- These
        network masks are the ones from allow-recursion in the
        Authoritative Server<br>
        recursive_ips:addMask('&lt;my IPv6 network&gt;')<br>
        <br>
        -- I was having problems with spammers from this domain. This
        can be ignored for this example<br>
        addAction({"typeform.com."}, PoolAction("blackhole"))<br>
        <br>
        -- My reverse. Add the proper numbers for your network<br>
        addAction({'c.b.a.in-addr.arpa'}, PoolAction("auth"))<br>
        addAction({'l.k.j.i.h.g.f.e.d.c.b.a.ip6.arpa'},
        PoolAction("auth"))<br>
        <br>
        <br>
        addAction(NetmaskGroupRule(recursive_ips),
        PoolAction('recursor'))<br>
        addAction(AllRule(), PoolAction('auth'))<br>
        <br>
        -- disable security status polling via DNS<br>
        setSecurityPollSuffix("")<br>
        <br>
      </p>
      <p>I sanitized my network addresses, obviously. I hope this works
        as a template for others with the same problem.</p>
      <p>Roberto<br>
      </p>
      <p><br>
      </p>
      <div class="moz-cite-prefix">On 27/08/2020 15:45, Roberto Greiner
        via dnsdist wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:2ea389c4-8865-1fe0-f84e-66b7bfe970f5@fundunesp.org.br">
        <p>Hi,</p>
        <p>I'm trying to set up a simple authoritative server that is
          also a recursive server for my network. The idea is that for my
          domain (let's say domain.com), I want the server to answer
          with the aa flag enabled, and for my IP ranges it should
          answer with the addresses in the database. Everything else
          should be sent to the recursive server.</p>
        <p>So, I've set powerdns on localhost:5300, with MySQL backend
          and using nsedit to edit my domains. This is working (the full
          config is below).<br>
        </p>
        <p>I've set powerdns-recursive on localhost:5301 to answer the
          recursive requests (full config also below).<br>
        </p>
        <p>Last, I've set dnsdist to &lt;myIP&gt;:53. The idea is that
          DNS requests asking for &lt;domain.com&gt;, &lt;myip4&gt; and
          &lt;myip6&gt; should go to powerdns. Everything else should go
          to powerdns-recursor. Simple, I guess. My problem is that I'm
          confused with the dnsdist config, so I would like to ask what
          I should add in there. So far, my config is the following:</p>
        <p>setLocal('0.0.0.0:53')<br>
          addLocal('0::0:64')<br>
          setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access<br>
          newServer({address='127.0.0.1:5300', pool='auth'})<br>
          newServer({address='127.0.0.1:5301', pool='recursor'})<br>
          recursive_ips = newNMG()<br>
          recursive_ips:addMask('0.0.0.0/0') -- These network masks are
          the ones from allow-recursion in the Authoritative Server<br>
          recursive_ips:addMask('::0/0')<br>
          addAction({"&lt;mydomain&gt;."}, PoolAction("auth"))<br>
          addAction(NetmaskGroupRule(recursive_ips),
          PoolAction('recursor'))<br>
          addAction(AllRule(), PoolAction('auth'))<br>
          -- disable security status polling via DNS<br>
          setSecurityPollSuffix("")<br>
        </p>
        <p>This works, but only for the domain. Queries for my IP
          addresses are being sent to the recursor. If I replace the
          'addAction({"&lt;mydomain&gt;."}, PoolAction("auth"))' with<br>
        </p>
        <p>addAction({"&lt;mydomain&gt;.", "&lt;myip6range&gt;",
          "myip4range"}, PoolAction("auth"))</p>
        <p>nothing is sent to the authoritative server. The right setup
          is probably simple, but I can't figure out what it should be.
          Could somebody give me a hand?</p>
        <p>Thanks,</p>
        <p>Roberto</p>
        <p><br>
        </p>
        <p>PS: I'm using Ubuntu 20.04, pdns 4.2.1-1, installed via apt.
          dnsdist is version 1.4.0, also using apt. My setup for pdns
          is:</p>
        <p>api=yes<br>
          api-key=&lt;some key&gt;<br>
          include-dir=/etc/powerdns/pdns.d<br>
          launch=gmysql<br>
          gmysql-host=127.0.0.1<br>
          gmysql-user=powerdns<br>
          gmysql-dbname=powerdns<br>
          gmysql-password=&lt;some password&gt;<br>
          gmysql-dnssec=yes<br>
          local-address=127.0.0.1<br>
          local-ipv6=::1<br>
          local-port=5300<br>
          security-poll-suffix=<br>
          setgid=pdns<br>
          setuid=pdns<br>
          webserver=yes<br>
        </p>
        <p>My recursor.conf is:</p>
        <p>allow-from=0.0.0.0/0 ::0/0<br>
          config-dir=/etc/powerdns<br>
          forward-zones=&lt;mydomain&gt;=127.0.0.1:5300<br>
          hint-file=/usr/share/dns/root.hints<br>
          include-dir=/etc/powerdns/recursor.d<br>
          local-address=127.0.0.1, ::1<br>
          local-port=5301<br>
          lua-config-file=/etc/powerdns/recursor.lua<br>
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat<br>
          quiet=yes<br>
          security-poll-suffix=<br>
          setgid=pdns<br>
          setuid=pdns<br>
          <br>
        </p>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <pre class="moz-quote-pre" wrap="">_______________________________________________
dnsdist mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dnsdist@mailman.powerdns.com" moz-do-not-send="true">dnsdist@mailman.powerdns.com</a>
<a class="moz-txt-link-freetext" href="https://mailman.powerdns.com/mailman/listinfo/dnsdist" moz-do-not-send="true">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a>
</pre>
      </blockquote>
    </blockquote>
    <div class="moz-signature">-- <br>
      <img src="cid:part9.B85A8601.3DB0C644@fundunesp.org.br" border="0"></div>
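    <p>Added example, not part of the original messages and not dnsdist
      code: a small Python model of the first-match rule order used in the
      final configuration above, plus a helper that derives the reverse-zone
      names the suffix rule needs from a CIDR prefix. The networks are
      constructed documentation ranges and the function names are
      hypothetical.</p>

```python
import ipaddress

def reverse_zone(cidr):
    """Reverse-DNS zone for a prefix on an octet (v4) or nibble (v6) boundary."""
    net = ipaddress.ip_network(cidr)
    bits, total = (8, 4) if net.version == 4 else (4, 32)
    if net.prefixlen % bits:
        raise ValueError(f"{cidr}: prefix does not end on a label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[total - net.prefixlen // bits:]) + "."

def suffix_rule(zones):
    """Match queries at or below any of the given zone names."""
    zones = [z.lower() for z in zones]
    def match(qname, src):
        q = qname.lower().rstrip(".") + "."
        return any(q == z or q.endswith("." + z) for z in zones)
    return match

def netmask_rule(cidrs):
    """Match queries whose source address is inside any of the networks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    def match(qname, src):
        return any(ipaddress.ip_address(src) in n for n in nets)
    return match

def route(rules, qname, src):
    """Return the pool of the first matching rule (first match wins)."""
    for match, pool in rules:
        if match(qname, src):
            return pool
    return None

# Constructed sample networks (documentation ranges), not the poster's.
LAN = ["192.0.2.0/24", "2001:db8:1234::/48"]
REVERSE = [reverse_zone(n) for n in LAN]

# Rule order of the final configuration (blackhole rule left out).
FINAL = [
    (suffix_rule(REVERSE), "auth"),     # reverse zones go to the auth pool
    (netmask_rule(LAN), "recursor"),    # internal clients get recursion
    (lambda q, s: True, "auth"),        # stands in for AllRule()
]
# The same chain with the reverse-zone rule missing.
NO_REVERSE = FINAL[1:]

if __name__ == "__main__":
    print(REVERSE)
    ptr = "10.2.0.192.in-addr.arpa."
    print(route(FINAL, ptr, "192.0.2.55"), route(NO_REVERSE, ptr, "192.0.2.55"))
```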
  </body>
</html>