[Pdns-users] lazy-recursion

Leen Besselink leen at consolejunkie.net
Thu Mar 4 10:28:54 UTC 2010


(First of all: I'm not a PowerDNS-developer, so I might be wrong)

On 03/04/2010 10:01 AM, Liong Kok Foo wrote:
> Hmm... I read the docs on recursion again (which I already read a few 
> times) and somehow this time I got it.
>
> I added Google's DNS server 8.8.8.8 into the recursor and now external 
> recursion works.
>
> There must be a reason why this is off by default. Potential security 
> issues?
>

Because it's easier to detect mistakes if you keep it separate.

It's just good practice to separate your recursor and authoritative 
server, people should just learn to do that.

Performance might be another reason. Also you remove a dependency: what 
if your recursor doesn't answer for something, then the authoritative 
server doesn't answer quickly either (does it do CNAME lookups 
recursively?).

What if something is wrong with your authoritative server? If you have 
your authoritative server in your /etc/resolv.conf as your recursor, you 
don't get any recursive queries resolved either.

> If this method works, why is there need for pdns's own recursor server?
>

1. Because people/companies don't want to depend on others (in your case 
Google).
2. Because by some accounts, it's the fastest open source recursor 
available. It's also pretty secure.

> Thanks.
>
>
> On 3/4/2010 4:38 PM, none wrote:
>> Basically it checks local data first before recursing to external
>> nameserver, and you should turn this off. About turning lazy-recursion
>> off doesn't lower amount of log entries, actually it doesn't have any
>> effect at all.
>> You can read the docs here http://doc.powerdns.com/recursion.html



