<div dir="ltr">Hi,<br><br>I must have made a mistake, as I can resolve
geo.hotchilli.co.uk DNS to countries pretty reliably, but not the hotchilli.co.uk set as an alias to geo.hotchilli.co.uk; hotchilli.co.uk pretty much returns unknown IPs
(10.0.2.18), so I must have made some silly mistakes. Is this because I have the recursor and authoritative server running on 127.0.0.1:53 and :5300 respectively, and dnsdist on the public IPs?<br><br>This is predominantly meant to be POC auth with geo IP lookup.<br><br>root@dns0-hot:/home/tony# dpkg -l | grep pdns<br>ii pdns-backend-geoip 4.4.0-1pdns.bionic amd64 geoip backend for PowerDNS<br>ii pdns-recursor 4.5.0~alpha0+master.666.g3ee80dc3c-1pdns.bionic amd64 PowerDNS Recursor<br>ii pdns-server 4.4.0-1pdns.bionic amd64 extremely powerful and versatile nameserver<br><br><div>Here is my config; this runs on 2 hosts currently and will be split later. <br><br>HOST SUMMARY<br><br>host 1<br>dns0
<br>dnsdist 46.17.216.218:53<br>dns auth server 127.0.0.1:5300<br>dns recursor 127.0.0.1:53<br><br>host 2<br>dns1 <br>dnsdist 46.17.217.219:53<br>dns auth server 127.0.0.1:5300<br>dns recursor 127.0.0.1:53
<br><br>DNSDIST x 2<br><br>
- dnsdist config dns0<br>
setLocal("46.17.216.218")<br>
addACL("0.0.0.0/0")<br>
setECSOverride(true)<br>
setECSSourcePrefixV4(24)<br>
setECSSourcePrefixV6(128)<br>
newServer({address="127.0.0.1:5300", useClientSubnet=true})<br><br>
- dnsdist config dns1<br>
setLocal("46.17.217.219")<br>
addACL("0.0.0.0/0")<br>
setECSOverride(true)<br>
setECSSourcePrefixV4(24)<br>
setECSSourcePrefixV6(128)<br>
newServer({address="127.0.0.1:5300", useClientSubnet=true})<br><br>
AUTHORITATIVE x2<br><br>
- pdns auth dns0<br>
local-address=127.0.0.1<br>
local-port=5300<br>
cache-ttl=0<br>
query-cache-ttl=0<br>
launch=geoip<br>
setgid=pdns<br>
setuid=pdns<br>
write-pid=yes<br>
config-dir=/etc/powerdns<br>
resolver=127.0.0.1:53<br>
expand-alias=yes<br>
log-dns-queries=yes<br>
loglevel=9<br>
edns-subnet-processing=yes<br>
geoip-database-files=/usr/share/GeoIP/GeoLite2-City.mmdb,/usr/share/GeoIP/GeoLite2-ASN.mmdb<br>
geoip-zones-file=/etc/powerdns/zone.yaml<br><br>
- pdns auth dns1<br>
local-address=127.0.0.1<br>
local-port=5300<br>
cache-ttl=0<br>
query-cache-ttl=0<br>
launch=geoip<br>
setgid=pdns<br>
setuid=pdns<br>
write-pid=yes<br>
config-dir=/etc/powerdns<br>
resolver=127.0.0.1:53<br>
expand-alias=yes<br>
log-dns-queries=yes<br>
loglevel=9<br>
edns-subnet-processing=yes<br>
geoip-database-files=/usr/share/GeoIP/GeoLite2-City.mmdb,/usr/share/GeoIP/GeoLite2-ASN.mmdb<br>
geoip-zones-file=/etc/powerdns/zone.yaml<br><br>
RECURSOR x2<br><br>
- pdns recursor dns0<br>
allow-from=46.17.216.218, 127.0.0.1, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10<br>
forward-zones+=hotchilli.co.uk=127.0.0.1:5300<br>
config-dir=/etc/powerdns<br>
ecs-add-for=0.0.0.0/0, ::/0, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10<br>
ecs-cache-limit-ttl=0<br>
ecs-ipv4-bits=24<br>
ecs-ipv4-cache-bits=24<br>
ecs-ipv6-bits=56<br>
ecs-ipv6-cache-bits=56<br>
hint-file=/usr/share/dns/root.hints<br>
include-dir=/etc/powerdns/recursor.d<br>
local-address=127.0.0.1<br>
local-port=53<br>
lua-config-file=/etc/powerdns/recursor.lua<br>
quiet=yes<br>
setgid=pdns<br>
setuid=pdns<br><br>
- pdns recursor dns1<br>
allow-from=46.17.217.219, 127.0.0.1, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10<br>
forward-zones+=hotchilli.co.uk=127.0.0.1:5300<br>
config-dir=/etc/powerdns<br>
ecs-add-for=0.0.0.0/0, ::/0, !127.0.0.0/8, !10.0.0.0/8, !100.64.0.0/10, !169.254.0.0/16, !192.168.0.0/16, !172.16.0.0/12, !::1/128, !fc00::/7, !fe80::/10<br>
ecs-cache-limit-ttl=0<br>
ecs-ipv4-bits=24<br>
ecs-ipv4-cache-bits=24<br>
ecs-ipv6-bits=56<br>
ecs-ipv6-cache-bits=56<br>
hint-file=/usr/share/dns/root.hints<br>
include-dir=/etc/powerdns/recursor.d<br>
local-address=127.0.0.1<br>
local-port=53<br>
lua-config-file=/etc/powerdns/recursor.lua<br>
quiet=yes<br>
setgid=pdns<br>
setuid=pdns<br><br>
ZONE<br><br>
zone.yaml<br><br>
- domain: hotchilli.co.uk<br>
 ttl: 60<br>
 records:<br>
 hotchilli.co.uk:<br>
 - alias: geo.hotchilli.co.uk<br>
 - soa: dns0.hotchilli.uk dns-admin.hotchilli.uk 2021030125 7200 3600 1209600 3600<br>
 - NS:<br>
 content: dns0.hotchilli.uk<br>
 ttl: 86400<br>
 - NS:<br>
 content: dns1.hotchilli.uk<br>
 ttl: 86400<br>
 gb.geo.hotchilli.co.uk:<br>
 - a: 46.17.220.152<br>
 us.geo.hotchilli.co.uk:<br>
 - a: 46.17.220.158<br>
 de.geo.hotchilli.co.uk:<br>
 - a: 46.17.220.159<br>
 es.geo.hotchilli.co.uk:<br>
 - a: 46.17.220.157<br>
 fr.eu.geo.hotchilli.co.uk:<br>
 - a: 46.17.220.156<br>
 unknown.geo.hotchilli.co.uk:<br>
 - a: 10.0.2.18<br>
 services:<br>
 geo.hotchilli.co.uk:<br>
 default: [ '%cc.geo.hotchilli.co.uk', 'unknown.geo.hotchilli.co.uk' ]<br>
]<br><br>
Many Thanks<br><br>
Tony</div></div>
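<div>Added example, not part of the original post: a small probe for the setup described above. It sends the same A query, with an EDNS Client Subnet option (RFC 7871) truncated to /24 as in setECSSourcePrefixV4(24), to the authoritative server and the recursor on loopback, so the answers for geo.hotchilli.co.uk and the hotchilli.co.uk alias can be compared hop by hop. The function names and the client address are assumptions of this example.</div>

```python
import ipaddress, socket, struct

def ecs_option(client_ip, prefix):
    """EDNS Client Subnet option (RFC 7871); address truncated to `prefix` bits."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    addr = net.network_address.packed[: (prefix + 7) // 8]
    data = struct.pack("!HBB", 1 if net.version == 4 else 2, prefix, 0) + addr
    return struct.pack("!HH", 8, len(data)) + data  # option code 8 = ECS

def build_query(name, client_ip, prefix=24, qid=0x1234):
    """A/IN query whose OPT pseudo-record carries the ECS option."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    ecs = ecs_option(client_ip, prefix)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(ecs)) + ecs  # root name, TYPE 41
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1) + opt

def _skip_name(msg, pos):
    """Step over a possibly compressed domain name; return the offset after it."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)

def first_a(resp):
    """First A record in the answer section of a DNS response, or None."""
    qd, an = struct.unpack("!HH", resp[4:8])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(resp, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            return socket.inet_ntoa(resp[pos:pos + 4])
        pos += rdlen

def probe(server, port, name, client_ip):
    """Send the ECS query over UDP and return the first A record in the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2.0)
        s.sendto(build_query(name, client_ip), (server, port))
        return first_a(s.recv(4096))

if __name__ == "__main__":
    CLIENT = "203.0.113.77"  # constructed placeholder: use an address whose country you know
    for label, port in (("auth", 5300), ("recursor", 53)):  # loopback listeners from the post
        for name in ("geo.hotchilli.co.uk", "hotchilli.co.uk"):
            print(label, name, probe("127.0.0.1", port, name, CLIENT))
```

Run it on dns0 or dns1 itself, since both listeners are bound to 127.0.0.1. An answer of 10.0.2.18 is the zone's unknown.geo.hotchilli.co.uk fallback, so it marks a lookup where the geoip backend found no country for the address it was given.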