<div><div><div><div dir="auto">It might be a strange setup, but we are trying to have a PowerDNS server that acts as the authoritative name server for <a href="http://flcn.io" target="_blank">flcn.io</a> for clients on our network, while Cloudflare DNS acts as the authoritative DNS for everyone else.</div><div dir="auto">We do this to try not to expose private IPs in public DNS records, but we need a few public records for Let's Encrypt records, hence the added Cloudflare DNS.</div><div dir="auto"><br></div><div dir="auto">This seems to work well for the most part; only CNAME records with external targets (like AWS load balancers) are causing problems, and I can't figure out why.</div></div></div></div><div dir="auto"><br></div><div dir="auto">I will try to follow the setup in the guide David mentioned and see if that will work.</div><div dir="auto"><br></div><div dir="auto">Thank you, everyone, for your help so far. It is very much appreciated.</div><div><div><div><br><div class="gmail_quote"><div>On Fri, 21 Jul 2017 at 19:24, Brian Candler &lt;<a href="mailto:b.candler@pobox.com" target="_blank">b.candler@pobox.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 21/07/2017 18:07, Rune Sørensen wrote:<br>
> I'm running pdns-server, as you guessed. I only enabled recursion,<br>
> because nslookup complained when I hadn't enabled it.<br>
> Would it be better to try to set up a recursor in front of<br>
> pdns-server, and then disable recursion on the server?<br>
<br>
One doesn't "go in front" of the other, they are just separate.<br>
<br>
Best practice is two separate servers:<br>
<br>
- pdns-recursor is what your client machines use: they point to this in<br>
their DNS server settings, e.g. /etc/resolv.conf<br>
<br>
- pdns-server is what you host your domains on: NS records in the parent<br>
domain point to this.<br>
<br>
However, if you're hosting your domains at Cloudflare then you don't need<br>
pdns-server - unless you're using pdns-server as a hidden primary which<br>
Cloudflare copies from? But I don't think you are, since you showed an<br>
example where your local pdns-server had different records than Cloudflare.<br>
<br>
I don't know what your use case is.  If you want a local DNS cache for<br>
clients to point at, then pdns-recursor is what you need.<br>
<br>
Regards,<br>
<br>
Brian.<br>
<br>
</blockquote></div></div></div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><table>
                      <tbody><tr>
                          <td colspan="2">
                              <div>
                                  <span><strong>Rune Tor Sørensen</strong></span>
                              </div>
                              <div>
                                  <span>Site Reliability Engineer</span>
                              </div>
                          </td>
                      </tr>
                  </tbody></table></div></div>
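<div dir="auto">The separation Brian describes, sketched as an added configuration example that is not part of the original thread: pdns-server holds the internal view of flcn.io with recursion off, and pdns-recursor is the only server the clients query. The file paths, addresses, port 5300 and network ranges are assumptions chosen for illustration.</div>

```ini
# --- /etc/powerdns/pdns.conf (pdns-server, authoritative; path assumed) ---
# Internal view of flcn.io only. There is no recursor= line (the setting
# that enables recursion on pdns-server 4.0 and earlier), so this server
# answers only for the zones it hosts.
# Loopback address and port 5300 are assumed example values.
local-address=127.0.0.1
local-port=5300

# --- /etc/powerdns/recursor.conf (pdns-recursor; path assumed) ---
# Address the clients list in /etc/resolv.conf (constructed example value).
local-address=10.0.0.53
local-port=53
# Answer only the internal networks so the recursor is not an open
# resolver (constructed example ranges).
allow-from=127.0.0.0/8, 10.0.0.0/8
# Send queries for flcn.io to the local authoritative server instead of
# following the public delegation to Cloudflare. Every other name,
# including the external target of a CNAME inside flcn.io, is resolved
# by normal recursion.
forward-zones=flcn.io=127.0.0.1:5300
```

<div dir="auto">With this layout a name that is missing from the internal zone returns NXDOMAIN to internal clients rather than falling through to Cloudflare, so any public record that internal clients also need has to exist in the internal zone as well.</div>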