<div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Arial;color: #000000">
Hi Ian,<div><br></div><div>Welcome aboard. I'm also new to PDNS and only an expert of few months :)</div><div><br></div><div>From the info you provided everything seems to be good. Someone with higher understanding will chime in if there's something wrong with it :)</div><div><br></div><div>Assuming your Auth DNS servers are only serving private internal zones/domains, you can use the following setup to consolidate resources instead of having to run separate instances<span style="font-size: 10pt;line-height: 1.5">:</span></div><div><span style="font-size: 10pt;line-height: 1.5">https://doc.powerdns.com/authoritative/guides/recursion.html</span></div><div><br></div><div>What I did was have 1 master and 2x slave (replication via mysql back-end) Auth servers. Master is only accessible via management IP and only used to configure DNS entries. Replication is also handled via management IP addresses for security and is setup as a one-way sync (master->slave). Only slaves are visible others in the organisation.</div><div><br></div><div>Both slaves are configured with Auth DNS + Recursor as per the Scenario 1 of the above link.</div><div><br></div><div>Hope this helps.</div><div class="mb_sig"><pre style="font-variant-ligatures: normal;orphans: 2;widows: 2;padding: 5px;font-family: Gotham, "Helvetica Neue", Helvetica, Arial, sans-serif;font-size: 14px;line-height: 1.3;vertical-align: top"><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">Kind Regards,</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><span style="font-variant-ligatures: normal;white-space: normal;color: rgb(174, 170, 170);font-family: arial, sans-serif;font-size: 8.5pt">Asanka Gunasekara</span><br style="font-family: Geneva, Helvetica, Arial, sans-serif;font-size: 12px;font-variant-ligatures: normal;white-space: normal"><br></pre></div>
<blockquote class="history_container" type="cite" style="border-left-style: solid;border-width: 1px;margin-top: 20px;margin-left: 0px;padding-left: 10px;min-width: 500px">
<p style="color: #AAAAAA; margin-top: 10px;">On 15/11/2018 6:29:58 AM, Ian Easter <ieaster@telvue.com> wrote:</p><div style="font-family:Arial,Helvetica,sans-serif"><div dir="ltr">Howdy folks!<br><br>As many before me, I have inherited a network infrastructure that is showing its age. First order is to update the self-hosted DNS servers. This is new territory for me, so I get the opportunity to learn as I progress in the endeavor.<br><br>Right now it is 1 BIND Master and 2 BIND Slaves and they provide DNS for our local office as well as a remote Colo. They handle the Private Internal Zones we have as well as directing requests for public internet resolution. At least, I believe that to the best summary of how they're performing.<br><br>I have a test environment setup currently and everything looks to be running smoothly. My question is geared toward verifying if I understood the overall functions correctly and have things configured as it should be (optimally).<br><br>I have PDNS Recursor sitting as the front for all of the DNS requests so they may be resolved for public websites/access and I have the `forward-zones` option set to forward all requests to the Authoritative and Slave PDNS Servers for our private internal domains. So Recursor is getting all requests, private zone/domain requests are forwarded to the Authoritative server and all others are obtained externally.<br><br>Is this the proper setup or is there a way that the Authoritative DNS Server would need to be configured to manage requests in this fashion?<div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><i><span style="font-size: 10pt">Thank you.</span></i><div><br></div></div></div></div></div></div></div></div>
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
</div></blockquote></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br />
<table style="border-top: 1px solid #D3D4DE;">
<tr>
<td style="width: 55px; padding-top: 13px;"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;" /></a></td>
<td style="width: 470px; padding-top: 12px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank" style="color: #4453ea;">www.avast.com</a>
</td>
</tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div>