<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Hello everyone!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">I have a Proxmox cluster on Hetzner with three nodes in which I have just configured two LinuX Containers with PowerDNS Authoritative Server in primary/secondary configuration, using autoprimary (supermaster mode) and listening on port 5300. They serve two local zones (one forward, one reverse).</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">In these containers there is also PowerDNS Recursor listening on port 53. These two containers have both a private and a public IP address (they serve through the private IP address and access the Internet through the public IP address).<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">This is the configuration of the recursor:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">forward-zones=<a href="http://example.com">example.com</a>=<a href="http://127.0.0.1:5300">127.0.0.1:5300</a><br>forward-zones+=0.168.192.in-addr.arpa=<a href="http://127.0.0.1:5300">127.0.0.1:5300</a><br>local-address=0.0.0.0, ::</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Firewall on port 53 is only open in the private IP address, not the public one.</div><div 
class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Now I would like the PowerDNS Recursor to use the nameservers provided by Hetzner, which are 185.12.64.1 and 185.12.64.2. As far as I have been able to find out through the documentation and the Internet, there are two possibilities:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">1. Configure <span style="font-family:monospace">/etc/resolv.conf</span> as follows:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-size:small"><span style="font-family:monospace">nameserver 127.0.0.1</span></div><div class="gmail_default" style="font-size:small"><span style="font-family:monospace">nameserver 185.12.64.1</span></div><div class="gmail_default" style="font-size:small"><span style="font-family:monospace">nameserver 185.12.64.2</span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">2. Use the directive forward-zones-recurse in the configuration, as follows:<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-size:small"><span style="font-family:monospace">forward-zones-recurse=.=185.12.64.1;185.12.64.2</span></div><div><br></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">I have also read about using <span style="font-family:monospace">forward-zones</span> but I am not sure how. 
And then there is also the possibility of using forward-zones-file for the forward zones <b><a href="http://example.com">example.com</a></b> and <b>0.168.192.in-addr.arpa</b>, but that would be just cosmetic IMHO.</div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">All the information I've been able to find was quite old, so it referred to older versions of the software.<br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">Could anyone please confirm that using the directive <span style="font-family:monospace">forward-zones-recurse</span> is the right way to do what I am trying to do?</div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">The last time I did this was about 20 years ago, using BIND, and the equivalent would be the <span style="font-family:monospace">forwarders {}</span> directive in the <span style="font-family:monospace">options {}</span> section.</div><br></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">Thanks in advance.</div></div><div><br></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">P.S. The setup is working fine at the moment, it's just that I guess that it's using the root servers and I'd rather use the hosting provider ones.</div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default"></div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Jaume Sabater<br>"Ubi sapientas ibi libertas"</div></div></div></div>
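How the settings quoted in this message would combine, as an added Python example that is not part of the original message and is not PowerDNS code. It models the documented Recursor behaviour that `forward-zones` forwards with the RD bit cleared (meant for authoritative servers), `forward-zones-recurse` forwards with RD set (meant for other resolvers), and the most specific matching zone wins; the function names and the parsing are assumptions made for illustration.

```python
# Model of the Recursor forwarding settings quoted in the message above.
# Added illustration only; parse_forwards/pick_forwarder are hypothetical names.

SETTINGS = """\
forward-zones=example.com=127.0.0.1:5300
forward-zones+=0.168.192.in-addr.arpa=127.0.0.1:5300
forward-zones-recurse=.=185.12.64.1;185.12.64.2
"""

def parse_forwards(text):
    """Return {zone: (servers, rd_bit)} from old-style 'key=value' settings."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        append = key.strip().endswith("+")        # "+=" extends the setting
        key = key.strip().rstrip("+").strip()
        if key not in ("forward-zones", "forward-zones-recurse"):
            continue
        rd = key == "forward-zones-recurse"       # RD=1 only for -recurse
        if not append:                            # plain "=" replaces the setting
            table = {z: v for z, v in table.items() if v[1] != rd}
        for pair in value.split(","):             # zones are comma separated
            zone, _, servers = pair.strip().partition("=")
            zone = zone.strip().rstrip(".").lower()   # "." becomes "" (root)
            table[zone] = ([s.strip() for s in servers.split(";")], rd)
    return table

def pick_forwarder(table, qname):
    """Most specific zone wins; None means ordinary iterative resolution."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) + 1):
        zone = ".".join(labels[i:])
        if zone in table:
            servers, rd = table[zone]
            return (zone or ".", servers, rd)
    return None

FORWARDS = parse_forwards(SETTINGS)

if __name__ == "__main__":
    for name in ("www.example.com", "10.0.168.192.in-addr.arpa.", "powerdns.com"):
        print(name, "->", pick_forwarder(FORWARDS, name))
```

Under this model the `.` catch-all does not take over the two local zones, because the longer zone names match first and still go to 127.0.0.1:5300 with RD cleared.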