<div dir="ltr"><br>Awesome!<br><br>Thank you for the confirmation Asanka!<br><br>Always best to have a second person "check your work."<br><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><i><font size="2">Thank you,</font></i><div><br></div><div><br></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Nov 14, 2018 at 8:25 PM Asanka Gunasekara <<a href="mailto:asankag@talkup.com.au">asankag@talkup.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id="m_-586991028752395626__MailbirdStyleContent" style="font-size:10pt;font-family:Arial;color:#000000">
Hi Ian,<div><br></div><div>Welcome aboard. I'm also new to PDNS and only an expert of few months :)</div><div><br></div><div>From the info you provided everything seems to be good. Someone with higher understanding will chime in if there's something wrong with it :)</div><div><br></div><div>Assuming your Auth DNS servers are only serving private internal zones/domains, you can use the following setup to consolidate resources instead of having to run separate instances<span style="font-size:10pt;line-height:1.5">:</span></div><div><span style="font-size:10pt;line-height:1.5"><a href="https://doc.powerdns.com/authoritative/guides/recursion.html" target="_blank">https://doc.powerdns.com/authoritative/guides/recursion.html</a></span></div><div><br></div><div>What I did was have 1 master and 2x slave (replication via mysql back-end) Auth servers. Master is only accessible via management IP and only used to configure DNS entries. Replication is also handled via management IP addresses for security and is setup as a one-way sync (master->slave). Only slaves are visible others in the organisation.</div><div><br></div><div>Both slaves are configured with Auth DNS + Recursor as per the Scenario 1 of the above link.</div><div><br></div><div>Hope this helps.</div><div class="m_-586991028752395626mb_sig"><pre style="font-variant-ligatures:normal;padding:5px;font-family:Gotham,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.3;vertical-align:top"><span style="font-variant-ligatures:normal;white-space:normal;color:rgb(174,170,170);font-family:arial,sans-serif;font-size:8.5pt">Kind Regards,</span><br style="font-family:Geneva,Helvetica,Arial,sans-serif;font-size:12px;font-variant-ligatures:normal;white-space:normal"><span style="font-variant-ligatures:normal;white-space:normal;color:rgb(174,170,170);font-family:arial,sans-serif;font-size:8.5pt">Asanka Gunasekara</span><br style="font-family:Geneva,Helvetica,Arial,sans-serif;font-size:12px;font-variant-ligatures:normal;white-space:normal"><br></pre></div>
<blockquote class="m_-586991028752395626history_container" type="cite" style="border-left-style:solid;border-width:1px;margin-top:20px;margin-left:0px;padding-left:10px;min-width:500px">
<p style="color:#aaaaaa;margin-top:10px">On 15/11/2018 6:29:58 AM, Ian Easter <<a href="mailto:ieaster@telvue.com" target="_blank">ieaster@telvue.com</a>> wrote:</p><div style="font-family:Arial,Helvetica,sans-serif"><div dir="ltr">Howdy folks!<br><br>As many before me, I have inherited a network infrastructure that is showing its age. First order is to update the self-hosted DNS servers. This is new territory for me, so I get the opportunity to learn as I progress in the endeavor.<br><br>Right now it is 1 BIND Master and 2 BIND Slaves and they provide DNS for our local office as well as a remote Colo. They handle the Private Internal Zones we have as well as directing requests for public internet resolution. At least, I believe that to the best summary of how they're performing.<br><br>I have a test environment setup currently and everything looks to be running smoothly. My question is geared toward verifying if I understood the overall functions correctly and have things configured as it should be (optimally).<br><br>I have PDNS Recursor sitting as the front for all of the DNS requests so they may be resolved for public websites/access and I have the `forward-zones` option set to forward all requests to the Authoritative and Slave PDNS Servers for our private internal domains. So Recursor is getting all requests, private zone/domain requests are forwarded to the Authoritative server and all others are obtained externally.<br><br>Is this the proper setup or is there a way that the Authoritative DNS Server would need to be configured to manage requests in this fashion?<div><br clear="all"><div><div dir="ltr" class="m_-586991028752395626gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><i><span style="font-size:10pt">Thank you.</span></i><div><br></div></div></div></div></div></div></div></div>
_______________________________________________
Pdns-users mailing list
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a>
</div></blockquote></div><div id="m_-586991028752395626DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>
<table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:13px"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width:46px;height:29px"></a></td>
<td style="width:470px;padding-top:12px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" style="color:#4453ea" target="_blank">www.avast.com</a>
</td>
</tr>
</table><a href="#m_-586991028752395626_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></blockquote></div>