I happen to disagree, since I know for a fact it is possible to run both the authoritative server and recursor on the same IP address, I happen to be doing that at the moment.<div><br></div><div>Leave the authoritative server on port 53 and switch the recursor to port 54 (or a random port not in use). Have the authoritative server forward recursive queries to the recursor on your desired port (e.g <a href="http://127.0.0.1:54">127.0.0.1:54</a>) and perhaps set lazy recursion as well. Thats it!</div>
<div><br></div><div>Obviously, the problem with this method is that for each query that comes in, the authoritative server will check for the domain first before passing to the recursor, but thats where the cache comes in and I have never really had a problem with it. I guess it depends on the amount of domains you have.</div>
<div><br></div><div>I also object to the suggestion that it is a bad idea to run both servers on the same host. If anything, it increases security as you can limit queries to the recursor to localhost and in turn, limit recursive access to the outside world on the authoritative server.</div>
<div><br></div><div>Just my two cents!</div><div><br></div><div>Oli<br><br><div class="gmail_quote">On Thu, Jun 7, 2012 at 10:22 AM, kalpesh thaker <span dir="ltr"><<a href="mailto:kalpesh@webdevworld.com" target="_blank">kalpesh@webdevworld.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Jan-Piet Mens wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
1. I don't see how to run both concurrently on the same host as they always<br>
conflict on the IP. The host has a singe address - 192.168.40.252.<br>
</blockquote>
You cannot run two services of any kind on a single IP address, so<br>
running two DNS servers on one address won't work. See if you can put<br>
one of the servers on a loopback address, and the other on your public<br>
IP.<br>
</blockquote>
<br></div>
in any case, its not really a good idea to have your recursor and authoritative DNS servers on the same host... however, to add onto Jan-Piet Mens comment, a cheap and dirty way to accomplish this would be to assign a virtual interface to your primary NIC with another IP, then assign the authorative server to use it, with the recursor setup on the 'real' interface open to the world...... then use the "forward-zones-recurse=" function on the recursor to foward queries to the 'virtual IP addressed' authoritative server. obviously there will be cons to using this setup, and isnt advisable to use this in a live environment (best to have two physical NIC's with seperate public IP's that listen and respond to request individually for each server).<br>
<br>
all the best<span class="HOEnZb"><font color="#888888"><br>
<br>
kt.</font></span><div class="HOEnZb"><div class="h5"><br>
______________________________<u></u>_________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.<u></u>com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/<u></u>mailman/listinfo/pdns-users</a><br>
</div></div></blockquote></div><br></div>