<div dir="ltr"><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I have installed powerdns on the server to serve DNS requests.</p><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">The setup has powerdns at port 5300, recursor at port 5301 and dnsdist at port 53.</p><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">If I perform a dig I am getting the results below which is not authoritative hence is ignored by other nameservers.</p><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">1.while calling recursor:</p><pre style="margin-top:0px;padding:12px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:1.30769;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:5px"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px">dig a <a href="http://essyfortunes.com">essyfortunes.com</a> @<a href="http://85.10.203.183">85.10.203.183</a>

; <<>> DiG 9.16.1-Ubuntu <<>> a <a href="http://essyfortunes.com">essyfortunes.com</a> @<a href="http://85.10.203.183">85.10.203.183</a>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64902
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;<a href="http://essyfortunes.com">essyfortunes.com</a>.      IN  A

;; ANSWER SECTION:
<a href="http://essyfortunes.com">essyfortunes.com</a>.   0   IN  A   95.216.38.152

;; Query time: 155 msec
;; SERVER: 85.10.203.183#53(85.10.203.183)
;; WHEN: Tue Jan 19 09:04:44 EAT 2021
;; MSG SIZE  rcvd: 61</code></pre><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">1.while calling powerdns:<br></p><pre style="margin-top:0px;padding:12px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:1.30769;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:5px"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px">dig a <a href="http://essyfortunes.com">essyfortunes.com</a> @<a href="http://85.10.203.183">85.10.203.183</a> -p 5300

; <<>> DiG 9.16.1-Ubuntu <<>> a <a href="http://essyfortunes.com">essyfortunes.com</a> @<a href="http://85.10.203.183">85.10.203.183</a> -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19637
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;<a href="http://essyfortunes.com">essyfortunes.com</a>.      IN  A

;; ANSWER SECTION:
<a href="http://essyfortunes.com">essyfortunes.com</a>.   0   IN  A   95.216.38.152

;; Query time: 155 msec
;; SERVER: 85.10.203.183#5300(85.10.203.183)
;; WHEN: Tue Jan 19 09:05:06 EAT 2021
;; MSG SIZE  rcvd: 61</code></pre><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Both powerdns and recursor are using default settings. My dnsdist setting is as follows;<br></p><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div><div>setLocal('85.10.203.183')<br>setACL({'<a href="http://0.0.0.0/0">0.0.0.0/0</a>', '::/0'}) -- Allow all IPs access<br><br>newServer({address='<a href="http://85.10.203.183:5301">85.10.203.183:5301</a>', pool='auth'})<br>newServer({address='<a href="http://85.10.203.183:5301">85.10.203.183:5301</a>', pool='recursor'})<br><br>recursive_ips = newNMG()<br>recursive_ips:addMask('<a href="http://0.0.0.0/0">0.0.0.0/0</a>') -- These network masks are the ones from allow-recursion in the Authoritative Server<br><br>addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))<br>addAction(AllRule(), PoolAction('auth'))<br></div></div><div></div></div></div></div></div></div>