<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">On 18/08/2020 16:05, Fabio Perez wrote:<br>
</div>
<blockquote type="cite"
cite="mid:YTOPR0101MB1532053FA23B2AC0AB36CB3CA55C0@YTOPR0101MB1532.CANPRD01.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hello
Brian,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thanks
for getting back to me, but now I’m even more confuse.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I
though that If I create an Authoritative DNS sever and add
that IP on a different VM as a nameserver, the second VM
will only receive answers from the DNS if the DNS has that
record on it’s Database.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">And
if I add a recursor DNS that means that if the DNS doesn’t
have the record It will ask over the internet to a different
DNS server for that. <br>
</span></p>
</div>
</blockquote>
<p>The roles involved in DNS are:</p>
<p>stub resolver --------> recursor ---------> authoritative</p>
<p>The stub resolver is the client library at the client host. It's
what you configure in /etc/resolv.conf [or via DHCP]. You
configure the IP address of the recursor, or perhaps two or three
recursors for redundancy.<br>
</p>
<p>The stub resolver sends its request to the recursor.</p>
<p>The recursor knows how to find authoritative nameservers on the
Internet which hold the answers required. It does this by
following NS records (delegations).</p>
<br>
<blockquote type="cite"
cite="mid:YTOPR0101MB1532053FA23B2AC0AB36CB3CA55C0@YTOPR0101MB1532.CANPRD01.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">If
this is not the case, then why do we need Authoritative DNS?
</span></p>
</div>
</blockquote>
<br>
<p>The authoritative server contains the data which is published by
the domain owner.</p>
<p>For example, say you send a query for "<a class="moz-txt-link-abbreviated" href="http://www.google.com">www.google.com</a>". The
answer is held in the authoritative nameservers for google.com.
The recursor sends the queries to them, on behalf of the client,
and caches the result in case another client asks the same query
soon afterwards. (Hence "recursor" is also known as "caching
nameserver")<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:YTOPR0101MB1532053FA23B2AC0AB36CB3CA55C0@YTOPR0101MB1532.CANPRD01.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">What
I’m trying to do is:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM1
running a WHMCS server<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM2
running DirectAdmin
</span></p>
</div>
</blockquote>
<p>I've no idea what WHMCS or DirectAdmin are, but I'm presuming
these are just applications which need to make DNS queries as part
of their operation.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:YTOPR0101MB1532053FA23B2AC0AB36CB3CA55C0@YTOPR0101MB1532.CANPRD01.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM3
and VM4 running PowerDNS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">So,
on the first 2 VMs I added both DNS servers as nameservers.<o:p></o:p></span></p>
</div>
</blockquote>
<p>In other words: you configured /etc/resolv.conf (or the RedHat
equivalent in /etc/sysconfig), such that VM1 and VM2 send all
their DNS queries to VM3 and VM4?<br>
</p>
<p>In that case, VM3 and VM4 should be running PowerDNS recursor.<br>
</p>
<p>You do not need to install PowerDNS Authoritative unless you own
a domain, and you want to publish information about that domain to
the Internet. And then you should run it in a *different* VM.</p>
<p>Although some DNS server software permits the bad practice of
running both recursor and authoritative in the same server
instance, PowerDNS does not let you do this.<br>
</p>
<p>Regards,</p>
<p>Brian.<br>
</p>
</body>
</html>