Okay, I've tried out my newfound knowledge and here are my results. First I tried adding the "allow-recursion-override=yes" to my config file. I left the recursor key set to my other production DNS. I then started pdns with "sudo /etc/init.d/pdns monitor". I used nslookup to try and resolve
<a href="http://www.test.com">www.test.com</a> which is set up with a CNAME. The result was not the IP of the CNAME value but that of the true public ip for <a href="http://www.test.com">www.test.com</a>. What did I do wrong? Also, is there a switch to have pdns monitor show me each query? A debug logging maybe?
<br><br>The second thing I tried was to remove the recursor key and use the pdns as strictly authoritative. The database remains the same -- a CNAME for <a href="http://www.test.com">www.test.com</a>. Again, I used nslookup to try and resolve, but now I get a "** server can't find
<a href="http://www.test.com">www.test.com</a>: SERVFAIL" Shouldn't it have responded with the value of the CNAME even if it couldn't recurse to resolve it?<br><br>Thanks for your patience guys!<br>--Tom<br>
<br><div><span class="gmail_quote">On 4/10/07, <b class="gmail_sendername">Tom Rossi</b> <<a href="mailto:trossi@msites.com">trossi@msites.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Thanks for the great explanation!<div><span class="e" id="q_111dc8474dfb9815_1"><br><br><div><span class="gmail_quote">On 4/10/07, <b class="gmail_sendername">Derrik Pates</b> <<a href="mailto:demon@devrandom.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
demon@devrandom.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Tom Rossi wrote:<br>> Thank you so much for helping me out. I think I may be showing my<br>> ignorance. I thought it would have to be configured with a recursor to<br>> be able to resolve something it is not authoritative. So in my
<br>> scenario, the DNS is the authority for <a href="http://mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mydomain.com</a><br>> <<a href="http://mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://mydomain.com</a>> and I have an MX record that points to<br>> <a href="http://mx.google.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
mx.google.com</a>. My authoritative DNS for <a href="http://mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mydomain.com</a> needs to be<br>> able to resolve <a href="http://mx.google.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
mx.google.com</a>.<br><br>No, your authoritative nameserver doesn't have to care what
<br>'<a href="http://mx.google.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mx.google.com</a>' points to; it just returns the MX record by itself to<br>the recursor. If the MX happened to be in a local zone, it could provide
<br>the A record that it points to, but that's not required. The recursor
<br>may (optionally) do additional processing, i.e., resolve where<br>'<a href="http://mx.google.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mx.google.com</a>' points to, but this is not required either.
<br><br>> Do I need to configure a recursor<br>
> to make that happen?<br><br>Your mailserver should either be running a local recursor (good for<br>high-demand mailservers to prevent excessive waiting around for<br>recursive lookups), or referring to one or more central recursors, which
<br>handle the task of recursive lookups for it.<br><br>--<br>Derrik Pates<br><a href="mailto:demon@devrandom.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">demon@devrandom.net</a><br></blockquote>
</div><br>
</span></div></blockquote></div><br>