<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:TimesNewRomanPSMT;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-CA link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>That solution would actually work quite well. Only downside is that I’ll have to provide our staff CLI access to the PowerDNS servers to be able to be able to remove the forward-zones setting for each domain as they are migrated (or we can have someone do them in bulk afterwards as I don’t think it’ll have any impact to leave it in), but overall I think that would work nicely.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br>GTG<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Dan Campbell [mailto:pdns@w3eta.net] <br><b>Sent:</b> May 11, 2015 9:55 AM<br><b>To:</b> ggiesen+powerdns@giesen.me<br><b>Cc:</b> pdns-users@mailman.powerdns.com<br><b>Subject:</b> Re: [Pdns-users] Allow recursion on only one IP<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Since the PowerDNS Recursor and PowerDNS Authoritative server are two different products, you’ll need to run both anyway.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Run the recursor listening only on IP#1 (using the local-address setting) and the authoritative server listening only on IP#2 (using the local address setting).<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>During your transition phase you can use the forward-zones setting in the recursor on IP#1 to forward requests for specific domains to the auth server on IP#2.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>This is assuming I understood your question.<o:p></o:p></p><div><p class=MsoNormal>—<o:p></o:p></p></div><div><p class=MsoNormal>Dan Campbell<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On May 9, 2015, at 11:05 PM, <a href="mailto:ggiesen+powerdns@giesen.me">ggiesen+powerdns@giesen.me</a> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I’m currently planning a project to split recursion from authoritative DNS (they currently reside on the same IP).<span class=apple-converted-space> </span><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>As part of the project, I’d like to set up a second IP for PowerDNS to listen on (which will be the IP for the authoritative server; the recursive server will remain on the existing IP). The transition strategy is that IP #1 (the existing IP) will answer both recursive and authoritative queries until such time as all the domains have been migrated to use the new IP #2. IP#2 will answer only authoritative queries.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>However I’ve run into a snag. I can’t find any way to have PowerDNS answer recursion queries on only the IP #1 (I can only limit what IPs the queries come from, but not to). Am I missing something, is there a way to do what I’m looking to do? Or is the only solution to run separate instances of pdns (with separate config files both connecting to the same backend).<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Cheers,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><br>GTG<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"TimesNewRomanPSMT","serif"'>_______________________________________________<br>Pdns-users mailing list<br></span><a href="mailto:Pdns-users@mailman.powerdns.com"><span style='font-size:10.5pt;font-family:"TimesNewRomanPSMT","serif";color:#954F72'>Pdns-users@mailman.powerdns.com</span></a><span style='font-size:10.5pt;font-family:"TimesNewRomanPSMT","serif"'><br></span><a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users"><span style='font-size:10.5pt;font-family:"TimesNewRomanPSMT","serif";color:#954F72'>http://mailman.powerdns.com/mailman/listinfo/pdns-users</span></a><o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></div></body></html>