<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
To be clear, in our case, the exact same data is returned, just from
different sources.<br>
<br>
On 1/10/12 4:21 PM, Chris Moates wrote:
<blockquote
cite="mid:CAMuUzEJ8nAryiStA4d+K9p8aRt1sHS7K9nBzreBhYQbbfYa1zg@mail.gmail.com"
type="cite">We have a different use case but similar situation. In
our case, we are (unfortunately) using the same domain both
internally and externally. So some entries only exist internally,
some only externally, and some both, but with different IP's.
Here's an example:
<div>
<br>
</div>
<div><a moz-do-not-send="true" href="http://web1.domain.com">web1.domain.com</a>
has a 10.x and 208.x address, depending on if you're outside or
inside.</div>
<div><a moz-do-not-send="true" href="http://www.domain.com">www.domain.com</a>
only exists externally</div>
<div><a moz-do-not-send="true" href="http://database.domain.com">database.domain.com</a>
only exists internally</div>
<div><br>
</div>
<div>What I'd like to do is have our internal DNS servers try
asking the outside DNS servers when they don't have a record.
What we have to do now is copy the relevant records across and
maintain them in two places. Previously, we had accomplished
this with Bind's split views, but that had it's own share of
issues.</div>
<div><br>
</div>
<div>I've toyed with implementing a backend that would query the
external server, as it seems my best option. I just haven't
gotten to completing it yet. Sort of a "also ask this DNS
server" backend.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Chris<br>
<br>
<div class="gmail_quote">On Tue, Jan 10, 2012 at 6:44 PM, Rory
Toma <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rory@ooma.com">rory@ooma.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> I noticed I failed to
reply to the list...<br>
<br>
<br>
-------- Original Message --------
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: [Pdns-users] Recursion when Powerdns auth
servers is SOA</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date:
</th>
<td>Tue, 10 Jan 2012 14:56:13 -0800</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From:
</th>
<td>Rory Toma <a moz-do-not-send="true"
href="mailto:rory@ooma.com" target="_blank"><rory@ooma.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To:
</th>
<td>bert hubert <a moz-do-not-send="true"
href="mailto:bert.hubert@netherlabs.nl"
target="_blank"><bert.hubert@netherlabs.nl></a></td>
</tr>
</tbody>
</table>
<div>
<div class="h5"> <br>
<br>
On 1/10/12 2:48 PM, bert hubert wrote:
<blockquote type="cite"><br>
<div>
<div>On Jan 10, 2012, at 11:37 PM, Rory Toma
wrote:</div>
<br>
<blockquote type="cite">
<div bgcolor="#FFFFFF" text="#000000"><span
style="font-family:'luxi
sans',sans-serif;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium">"To
make sure that the local authoritative
database overrides recursive information,
PowerDNS first tries to answer a question
from its own database. If that succeeds, the
answer packet is sent back immediately
without involving the recursor in any way.
This means that for questions for which
there is no answer, PowerDNS will consult
the recursor for an recursive query, even if
PowerDNS is authoritative for a domain! This
will only cause problems if you 'fake'
domains which don't really exist.</span>"<br>
<br>
What I want to do is have powerdns consult the
recursor even of powerdns is authoritative for
a domain. This is what I can' seem to get to
work.<br>
</div>
</blockquote>
<div><br>
</div>
<div>I think we no longer do this, and that the
documentation is in that case out of date. It
complicated things too badly.</div>
<div><br>
</div>
<div>If you want to override the internet, you may
have more success the other way around, put a
PowerDNS Recursor with specific authoritative
data as an auth server.</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>Bert</div>
</div>
</blockquote>
<br>
</div>
</div>
I'll explain my problem in a little more detail, and then
perhaps suggestions can flow:<br>
<br>
We are using dns as a registration system. Devices contact
a server and register, a dns record is created. For the
sake of this discussion, I'll refer to this as old
registration system (bind and old registration servers)
and new registration system (powerdns and new server)<br>
<br>
Many "apps" need to look up the information in dns, we
have a keepalived fault tolerant IP address that points to
a name server (currently bind), but we'd like to switch
this to powerdns. However, we can't just switch all the
dns records over at once, there has to be a transition
period. So, we'd like to switch over to powerdns and new
registration server. All new records will exist in
powerdns. Eventually, all the old records will migrate as
clients re-register.<br>
<br>
So, when someone queries the new server, it needs to look
up the data first in powerdns, and if it isn't there,
recurse.<br>
<br>
I tried putting the powerdns recursor in front. It did not
work for me, as each backend server thinks it is
authoritative. So if it happens to query that one first,
it returns NXDOMAIN and never looks at the next one in the
list.<br>
<br>
</div>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a moz-do-not-send="true"
href="http://mailman.powerdns.com/mailman/listinfo/pdns-users"
target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pdns-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a>
<a class="moz-txt-link-freetext" href="http://mailman.powerdns.com/mailman/listinfo/pdns-users">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a>
</pre>
</blockquote>
<br>
</body>
</html>