<br>This works dandy!<br><br>Thanks.<br><br><div class="gmail_quote">On Thu, Jun 7, 2012 at 1:04 PM, Oliver Kent <span dir="ltr"><<a href="mailto:admin@peerx.co" target="_blank">admin@peerx.co</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sure, no problem. Here is what you need to set:<div><br></div><div><span style="font-size:11px;font-family:monospace">allow-recursion=</span> [subnets you want to allow to recurse, I think they are comma separated but it may be by space]</div>
<div><span style="font-size:11px;font-family:monospace">lazy-recursion=yes</span> </div><div><span style="font-size:11px;font-family:monospace">recursor=<a href="http://127.0.0.1:54" target="_blank">127.0.0.1:54</a></span></div>
<div><font face="monospace"><span style="font-size:11px"><br></span></font></div><div><font face="arial, helvetica, sans-serif">That should be it.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div>
<div><font face="arial, helvetica, sans-serif">Oli</font></div><div><br><div class="gmail_quote"><div><div>On Thu, Jun 7, 2012 at 10:48 AM, Odhiambo Washington <span dir="ltr"><<a href="mailto:odhiambo@gmail.com" target="_blank">odhiambo@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><br><br><div class="gmail_quote"><div>On Thu, Jun 7, 2012 at 12:36 PM, Oliver Kent <span dir="ltr"><<a href="mailto:admin@peerx.co" target="_blank">admin@peerx.co</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I happen to disagree, since I know for a fact it is possible to run both the authoritative server and recursor on the same IP address, I happen to be doing that at the moment.<div><br></div><div>Leave the authoritative server on port 53 and switch the recursor to port 54 (or a random port not in use). Have the authoritative server forward recursive queries to the recursor on your desired port (e.g. <a href="http://127.0.0.1:54" target="_blank">127.0.0.1:54</a>) and perhaps set lazy recursion as well. That's it!</div>
<div><br></div><div>Obviously, the problem with this method is that for each query that comes in, the authoritative server will check for the domain first before passing to the recursor, but that's where the cache comes in and I have never really had a problem with it. I guess it depends on the amount of domains you have.</div>
<div><br></div><div>I also object to the suggestion that it is a bad idea to run both servers on the same host. If anything, it increases security as you can limit queries to the recursor to localhost and in turn, limit recursive access to the outside world on the authoritative server.</div>
<div><br></div><div>Just my two cents!<br><br></div></blockquote></div><div><br>Hi Oli,<br><br>I intend to only allow my subnets to do recursion. I don't want to allow the whole planet to do that. They can rely on the authoritative server.<br>
<br>Could you kindly supply me with a snippet of the options I need in pdns.conf so that it passes the queries to the recursor?<br>I hope that allow-recursion=mysubnet/cidr will be used to control who is allowed to recurse.<br>
<br>I can see recursor=192.168.40.252, but suppose recursor daemon is listening on port 54, how will I tell the authoritative daemon that?<br><br></div></div><div><div><br>-- <br>Best regards,<br>
Odhiambo WASHINGTON,<br>Nairobi,KE<br>
<a href="tel:%2B254733744121" value="+254733744121" target="_blank">+254733744121</a>/<a href="tel:%2B254722743223" value="+254722743223" target="_blank">+254722743223</a><br>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ <br>
I can't hear you -- I'm using the scrambler.<br><br>
</div></div><br></div></div><div>_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
<br></div></blockquote></div><br></div>
<br></blockquote></div><br><br clear="all"><br>-- <br>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ <br>I can't hear you -- I'm using the scrambler.<br>
<br>
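Added example, not part of the original thread and not PowerDNS code: a small audit of a pdns.conf that uses the three settings discussed above, checking which clients may recurse and whether the recursor target is on loopback. The sample subnet is constructed, the separator handling accepts both commas and spaces, the "unset means everyone" default is an assumption about the authoritative server, and the recursor value is assumed to be an IPv4 address with an optional port.

```python
import ipaddress
import re

# Constructed sample using the settings from the thread; the subnet is an
# assumed value chosen to contain the 192.168.40.252 host mentioned there.
SAMPLE_CONF = """\
# pdns.conf (constructed sample)
allow-recursion=192.168.40.0/24, 127.0.0.1
lazy-recursion=yes
recursor=127.0.0.1:54
"""

def parse_conf(text):
    """Return key -> value for 'key=value' lines, ignoring comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def recursion_networks(settings):
    """Parse allow-recursion, accepting comma or whitespace separators."""
    # Assumption: when the option is unset, recursion is allowed from anywhere.
    raw = settings.get("allow-recursion", "0.0.0.0/0")
    return [ipaddress.ip_network(tok, strict=False)
            for tok in re.split(r"[,\s]+", raw) if tok]

def may_recurse(settings, client_ip):
    """True if client_ip falls inside any allow-recursion network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in recursion_networks(settings))

def audit(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if any(net.prefixlen == 0 for net in recursion_networks(settings)):
        findings.append("allow-recursion admits every address (open resolver)")
    host = settings.get("recursor", "").rsplit(":", 1)[0]  # drop optional :port
    if not host:
        findings.append("recursor is not set; nothing to forward to")
    elif not ipaddress.ip_address(host).is_loopback:
        findings.append("recursor target is not loopback")
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF)) or "no findings")
```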