[dnsdist] Simple setup with authoritative server
Roberto Greiner
roberto.greiner at fundunesp.org.br
Thu Aug 27 18:45:20 UTC 2020
Hi,
I'm trying to set a simple authoritative server that is also a recursive
server for my network. The idea is that for my domain (lets say
domain.com), I want the server the answer with the aa flag enabled, and
for my IP ranges it should answer with the addresses in the database.
Everything else should be send to the recursive server.
So, I've set powerdns on localhost:5300, with MySQL backend and using
nsedit to edit my domains. This is working (the full config is below).
I've set powerdns-recursive on localhost:5301 to answer the recursive
requests (full config also below).
Last, I've set dnsdist to <myIP>:53. The idea is that DNS requests
asking for <domain.com>, <myip4> and <myip6> should go to powerdns.
Everything else should go to powerdns-recursor. Simple, I guess. My
problem is that I'm confused with the dnsdist config, so I would like to
ask what I should add in there. So far, my config is the following:
setLocal('0.0.0.0:53')
addLocal('0::0:64')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:5301', pool='recursor'})
recursive_ips = newNMG()
recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones
from allow-recursion in the Authoritative Server
recursive_ips:addMask('::0/0')
addAction({"<mydomain>."}, PoolAction("auth"))
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))
-- disable security status polling via DNS
setSecurityPollSuffix("")
This work, but only for the domain. Queries for my ip addresses are
being sent to the recursor. If I replace the 'addAction({"<mydomain>."},
PoolAction("auth"))' with
addAction({"<mydomain>.", "<myip6range>", "myip4range"}, PoolAction("auth"))
Nothing is sent to the authoritative server; The right setup is probably
simple, but I can't figure what it should be. Could somebody give me a hand?
Thanks,
Roberto
PS: I'm using Ubuntu 20.04, pdns 4.2.1-1, installed via apt. dnsdist is
version 1.4.0, also using apt. My setup for pdns is:
api=yes
api-key=<some key>
include-dir=/etc/powerdns/pdns.d
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-dbname=powerdns
gmysql-password=<some password>
gmysql-dnssec=yes
local-address=127.0.0.1
local-ipv6=::1
local-port=5300
security-poll-suffix=
setgid=pdns
setuid=pdns
webserver=yes
My recursor.conf is:
allow-from=0.0.0.0/0 ::0/0
config-dir=/etc/powerdns
forward-zones=<mydomain>=127.0.0.1:5300
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d
local-address=127.0.0.1, ::1
local-port=5301
lua-config-file=/etc/powerdns/recursor.lua
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat
quiet=yes
security-poll-suffix=
setgid=pdns
setuid=pdns
--
--
Este e-mail foi verificado quanto a vírus pelo AVG.
http://www.avg.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20200827/d992bfff/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MarcosRobertoGreiner.jpg
Type: image/jpeg
Size: 11274 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20200827/d992bfff/attachment.jpg>
More information about the dnsdist
mailing list