[Pdns-users] Use user questions

Charles Galpin charles at defenderhosting.com
Sun Jul 3 22:16:03 UTC 2005


On Jul 3, 2005, at 6:01 PM, Steve Sobol wrote:

> Charles Galpin wrote:
>
>>> If PDNS gets a query it can't answer itself, it'll send it to the 
>>> recursor, which is running on the same server. The recursor will go 
>>> get the answer from the appropriate DNS server elsewhere on the 
>>> Internet.
>>>
>>> You'll generally want to set allow-recursion to only allow certain 
>>> IPs to make recursive queries, too.
>> I still haven't found the time to play with pdns, but am hoping to 
>> soon. Can you please clarify this last statement? Is the suggested 
>> configuration to not actually use pdns for general DNS, but just on 
>> hand to answer for the domains it is authoritative for?
>
> Y'know, when I wrote that I was really thinking AXFR, not recursion. 
> Now I'm reading it, and it looks wrong. ;p
>
> (Open AXFRs can be considered a security hole because you're letting 
> everyone know about the location of live servers)
>
> So let me modify that statement: It depends on how you are using PDNS. 
> I have a cablemodem at home, with a dynamic IP address, so I just 
> allow recursion from anywhere because I set myself up (and 
> occasionally set up my clients) to use my PDNS server. If you don't 
> have to do so, don't do it. You'll avoid some unnecessary DNS traffic.

Ok, thanks for the clarification. I believe in my case I want to make 
the pdns servers my public nameservers and use the recursor then. I'll 
be using mysql replication from the master DB so all servers will have 
my zone info and I don't think I need AXFRs at all.

thanks again,
charles
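
Added example, not part of the original message or of PowerDNS itself: a small auditor that reads pdns.conf text and reports the two exposures discussed in this thread, recursion open to any client and AXFR left enabled. The sample configurations, function names and finding strings are constructed for illustration; the settings checked are recursor, allow-recursion and disable-axfr.

```python
import ipaddress

# Constructed sample pdns.conf contents (illustrative, not from the thread).
OPEN_CONF = """\
launch=gmysql
recursor=127.0.0.1:5300
allow-recursion=0.0.0.0/0
disable-axfr=no
"""
RESTRICTED_CONF = """\
launch=gmysql
recursor=127.0.0.1:5300
allow-recursion=127.0.0.1, 192.0.2.0/24   # resolver clients only
disable-axfr=yes
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def covers_everything(entry):
    """True if a netmask entry has prefix length 0 (matches any address)."""
    try:
        return ipaddress.ip_network(entry, strict=False).prefixlen == 0
    except ValueError:
        return False  # unparsable entries are not treated as open here

def audit(text):
    """Return findings about recursion and AXFR exposure (hypothetical helper)."""
    conf = parse_conf(text)
    findings = []
    if conf.get("recursor"):  # recursion is only handed off when a recursor is set
        acl = conf.get("allow-recursion")
        if acl is None:
            findings.append("allow-recursion unset: ACL left to the version default")
        elif any(covers_everything(e.strip()) for e in acl.split(",") if e.strip()):
            findings.append("allow-recursion permits any client")
    # Zones replicated at the database level need no zone transfers at all.
    if conf.get("disable-axfr", "no").lower() != "yes":
        findings.append("AXFR not disabled")
    return findings
```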
