[Pdns-users] LDAP backend + recursor: how to interoperate?
jman at ablesky.com
Sat Mar 22 05:57:04 UTC 2008
I've been using PowerDNS for many years now with the LDAP backend
(probably since the LDAP backend was new), and it's always worked very
well. There is one problem I've never solved, though, and a search of
the list hasn't revealed a solution.
When I first started, I used to set up intranet DNS such that queries
went to the authoritative nameserver, and if it couldn't answer the
question, they would be forwarded to the recursor. This looks like a
common setup, since the docs say to put the recursor on port 5353, from
where it only answers question to the authoritative nameserver. This is
how I would like to have things work, except for a problem. If pdns is
set up to be authoritative for foobar.com, but a record for
blahblah.foobar.com isn't in the LDAP backend, it will forward the
question to the recursor. I'd rather tell pdns that it is authoritative
for foobar.com, and if blahblah.foobar.com doesn't exist, to return a
To get around this, I arranged the two servers in opposite order.
Intranet hosts are pointed to the recursor, and the recursor has
forward-zones pointers to the internal authoritative servers. This
works well, except that at our current company, we are constantly adding
and removing machines, and our networks are all behind dynamic internet
IP addresses. Although the TTLs are set to low values, it still causes
some inconvenience during the periods when the cache is stale.
What is the best way to set this up? The first scenario would be best
if there is a way to tell pdns never to forward queries for
authoritative zones. Like I say, I've been using pdns for quite a
while, so just a pointer would be great. Thank you-
More information about the Pdns-users