[Pdns-users] not authoritative for subdomain
bparish at cognex.com
Wed Aug 10 18:47:55 UTC 2011
I am using Authoritative server 3.0 and Recursor 3.3 that I just installed on Ubuntu 11.04 from source, using the gymsql backend.
Years ago I used PowerDNS and was able to set it up so that if a query couldn't be answered by the local MySQL database, it would forward the request on to another server, even if the query was for a host inside the domain that Power DNS was authoritative over.
I can't seem to get that behavior working again, wasn't sure if that's because I still haven't figured out the right "magic" for my config files (and/or domain records!), or if this behavior has changed in PowerDNS?
For example: our "example.com" domain has a subdomain called "pc.example.com".
example.com is served by PowerDNS, but pc.example.com is served by Windows DNS.
The real kicker is that there are host records that share space in the same IP range.
desktop.pc.example.com 10.10.10.10 <= Served in pc.example.com by Windows DNS
server.example.com 10.10.10.11 <= Served in example.com by PowerDNS
I'd like to be able to point everything to PowerDNS.
If the record I am searching for is located in PowerDNS, great - serve it up.
If the record is not in the PowerDNS database, forward the query on to the Windows DNS, no matter what the domain or PTR record is.
If I am looking for foo.example.com, and it lives in PowerDNS database - return that A record.
If I am looking for foo.pc.example.com and it does not live in PowerDNS, forward the request to Windows DNS.
If I am looking for 10.10.10.10 and it lives in PowerDNS, serve it. If not, forward to Windows DNS.
The zones are a bit muddled.
Almost all of example.com does live in the PowerDNS database and pc.example.com in Windows.
But when it comes to IP's (for PTR records), they are all over the map and there are no clear zones. That's why I really want PowerDNS to forward on the requests, even if the IP being queried falls within the reverse zone hosted in PowerDNS (like above, both of those 10.10.10.x IP's would be in the same reverse 10.10.10-in-addr.arpa zone)
I hope I explained it enough to make sense!
I'm open for ideas. I couldn't seem to make it work pointing first to PowerDNS, and somehow handing off all requests to the recursor. Lookups for pc.example.com where not forwarded on, it seemed like PowerDNS thought itself to be authoritative for all *.example.com.
I currently point to the recursor first, with this in the recursor.conf file:
(where 10.10.10.100 is powerdns and 10.10.10.101 is windows)
That works for the forward lookups, at least the ones that are kept where they should be (e.g. no parent domain example.com hosts in the Windows DNS) but the reverse lookups break, only getting a valid reply if the PTR record is in PowerDNS, and a NXDOMAIN if it's a record found in Windows.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users