[Pdns-users] Why prefer recursor answers over auth Authoritative answers?

Leen Besselink leen at wirehub.nl
Thu Feb 5 22:08:19 UTC 2009

Hi David,

>> Why does PowerDNS auth server not answer queries that it is both
>> for, and has an answer for in its auth server when recursion is
available and
>> requested?

I did see you e-mail yesterday and I waited for someone knowledgable to
try and answer this, because I just know what we do at work.

First of all we feel strongly about seperating our recursive DNS and our
authoritive DNS. We think this makes sense if we ever (need to) change
software, And it's a good security practise.

So we don't point recursive queries at an authorive nameserver.

All we did is setup a few static forward-zones= in recursor.conf, were
we needed it.

I don't know how many such domains you have to deal with, so it may not
be for you, but that's what we have.

In other words, we don't want or need to use the 'recursive' part of the
PowerDNS authoritive server at all.

Not sure how it helps in your situation though.

Have a nice day,
 Leen Besselink.

More information about the Pdns-users mailing list