<body><div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Arial;color: #000000">
Hi Brian,<div><br></div><div>Thanks for the quick response.</div><div><br></div><div>Let me try to explain why I am running this setup to give some information and possibly find a better alternative way.</div><div><br></div><div>We have several resolvers/recursors installed for clients/systems use and they're working as intended.</div><div><br></div><div>The authoritative server has a private zone. Authoritative server should respond/answer for queries to this private domain if they originated from a select list of IP addresses. And a<span style="font-size: 13.3333px;line-height: 1.5">uthoritative server should respond/answer for queries for all other domains normally.</span></div><div><span style="font-size: 13.3333px;line-height: 1.5"><br></span></div><div><span style="font-size: 13.3333px;line-height: 1.5">The reason for forwarding all requests to the </span><span style="font-size: 13.3333px">Authoritative server </span><span style="font-size: 13.3333px;line-height: 1.5">is due to the fact that this combo server should not be a public resolver/recursor.</span></div><div><span style="font-size: 13.3333px;line-height: 1.5"><br></span></div><div><span style="font-size: 13.3333px;line-height: 20px">Hope</span><span style="font-size: 13.3333px;line-height: 1.5"> this </span><span style="font-size: 13.3333px;line-height: 20px">gives</span><span style="font-size: 13.3333px;line-height: 1.5"> more </span><span style="font-size: 13.3333px;line-height: 20px">information</span><span style="font-size: 13.3333px;line-height: 1.5"> to understand </span><span style="font-size: 13.3333px;line-height: 20px">the</span><span style="font-size: 13.3333px;line-height: 1.5"> setup.</span></div><div><span style="font-size: 13.3333px;line-height: 1.5"><br></span></div><div><span style="font-size: 13.3333px;line-height: 1.5">Thanks again for your help.</span></div><div><br></div><div class="mb_sig"><pre style="font-variant-ligatures: normal;orphans: 2;widows: 2;padding: 5px;font-family: Gotham, "Helvetica Neue", Helvetica, Arial, sans-serif;font-size: 14px;line-height: 1.3;vertical-align: top"><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">Kind Regards,</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">Asanka Gunasekara</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: rgb(177, 21, 21);font-family: arial, sans-serif;font-size: 8.5pt">P</span></strong><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: gray;font-family: arial, sans-serif;font-size: 8.5pt">:</span></strong><span style="font-variant-ligatures: normal;white-space: normal;color: gray;font-family: arial, sans-serif;font-size: 8.5pt"> </span><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">1300 825 587</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: rgb(177, 21, 21);font-family: arial, sans-serif;font-size: 8.5pt">E</span></strong><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">: </span></strong><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">support@<a href="http://talkup.com.au/" target="_blank">talkup.com.au</a><span style="color: rgb(166, 166, 166);"> </span></span><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(144, 144, 144);font-family: arial, sans-serif;font-size: 8.5pt">| </span><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: rgb(177, 21, 21);font-family: arial, sans-serif;font-size: 8.5pt">W:</span></strong><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(144, 144, 144);font-family: arial, sans-serif;font-size: 8.5pt"> </span><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt"><a class="gmail-m_8622906762729073402m_-2635113235028946856moz-txt-link-abbreviated" href="http://www.talkup.com.au/" target="_blank">www.talkup.com.au</a></span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><strong style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="color: rgb(177, 21, 21);font-family: arial, sans-serif;font-size: 8.5pt">Postal Address: </span></strong><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">PO Box 24, Varsity Lakes QLD 4227</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="font-variant-ligatures: normal;white-space: normal;color: green;font-family: arial, sans-serif;font-size: 8pt">Please consider the environment before printing this e-mail</span><span style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"> </span><span style="font-variant-ligatures: normal;white-space: normal;color: gray;font-family: tahoma, sans-serif;font-size: 8pt">This email message and any attachments are confidential. If you are not the intended recipient, you are notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. If you have received this email in error, please notify us immediately by return email, or telephone 1300 825 587, and destroy the original message. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses.</span></pre></div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;">
<p style="color: #AAAAAA; margin-top: 10px;">On 17/10/2018 1:32:57 PM, Brian Candler <b.candler@pobox.com> wrote:</p>On 17/10/2018 10:43, Asanka Gunasekara wrote:
<br>> The issue I currently have is that when I test the records via
<br>> intodns.com or some other DNS check servers they report back saying
<br>> lame servers.
<br>>
<br>> Under recursor.conf, I have the following two lines basically
<br>> forwarding all queries to the authoritative server.
<br>> forward-zones=.=127.0.0.1:5300
<br>> forward-zones-recurse=.=127.0.0.1:5300
<br>>
<br>> Is there a way to configure the recursor to answer authoritatively for
<br>> all queries? Say for example via Lua script with setAA() function perhaps?
<br>
<br>No - I'm afraid you can't do it this way. Your authoritative server
<br>must be bound to port 53 if it's accepting queries from the outside world.
<br>
<br>You options are:
<br>
<br>1. Run your recursor and authoritative server bound to two different IP
<br>addresses (or in separate VMs or containers with their own IPs)
<br>
<br>or
<br>
<br>2. Don't list your authoritative server in the NS records, and instead
<br>use it as a "hidden primary". That is, you have two or more additional
<br>nameservers on public IPs, which are listed in NS records, and they get
<br>their zone content from the hidden primary (either by a zone transfer
<br>from x.x.x.x:5300, or by database replication)
<br>
<br>Final note: please don't use forward-zones to forward all queries to an
<br>authoritative server, since it's not authoritative for the whole
<br>Internet. You should rarely need forward-zones at all: as long as the
<br>NS records for your domain point to your authoritative servers, the
<br>recursor will find them by itself. Forward-zones are normally used for
<br>private domains which can't be delegated (e.g. localhost,
<br>168.192.in-addr.arpa)
<br>
<br>HTH,
<br>
<br>Brian.
<br>
</blockquote>
</div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br />
<table style="border-top: 1px solid #D3D4DE;">
<tr>
<td style="width: 55px; padding-top: 13px;"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;" /></a></td>
<td style="width: 470px; padding-top: 12px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank" style="color: #4453ea;">www.avast.com</a>
</td>
</tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></body>