[Pdns-users] Why prefer recursor answers over auth Authoritative answers?
Kenneth Marshall
ktm at rice.edu
Fri Feb 6 14:03:31 UTC 2009
On Fri, Feb 06, 2009 at 07:43:51AM +0100, Sean Boran wrote:
> Hi,
>
> I cannot answer the recursive query, but I'm am also designing a setup to
> replace Bind with split zones. The idea was to replace bind entirely. Maybe
> we should share some design ideas?
>
> Current I have two internet ns with bind, with an an internal and external
> zone.
>
> a) Internal master:
> powerdns port 53, mysql backend
> recursor:127.0.0.1 for vptt & SCIS domains
> b) Internet #1: Contains only Public Zones & IPs
> powerdns port 53,
> mysql replica of Internal master.
> Adapt queries to ignore certain zones/IPS via "LIKE clause"
> recursor:127.0.0.1: recursor to pdns 53 for our Internet domains, else
> Internal master if source=Internal
> c) Internet#2: same as Internet#1
>
> Regards,
>
> Sean
>
This is similar to how we intend to implement split DNS. The externally
registered/public DNS servers will have queries restricted to not return
private addresses. We are still transitioning our networks so we cannot
yet enable this, but given an IP address, it is pretty easy to do.
Cheers,
Ken
More information about the Pdns-users
mailing list