[Pdns-users] Pdns Authoritative + Recursor

Daniel L. Miller dmiller at amfes.com
Thu Dec 8 16:04:32 UTC 2011

On 12/8/2011 3:57 AM, IRCHeaven Technical Support wrote:
> In the documents I have read that the authoritative server runs on port 53
> and the recursor on port 5300.
> In the authoritative server I have puth the recursor ip and port
> Now is the problem that it seems that the auth not communicate with the
> recursor for solving domains outside my own domains.
> I have one time that it works but after restart it don’t works any more
It looks like you're trying to pair the servers in the wrong direction.

The authoritative server's job is to provide records under your control. 
It's designed to provide that information as efficiently as possible. 
The recursor's job is to look up any record - with a variety of caching 
algorithms to do THAT as efficiently as possible. Let them do their jobs 
as designed - instead of trying to force them to work backwards.

The authoritative server should be reachable by the internet in order to 
be authoritative for your domain(s). The only reason for the recursor to 
be publicly visible is if you wish to provide a public caching DNS 
server to the internet - if you're not an ISP, I don't see why you'd 
want that.

My own config, where both authoritative and recursor are on the same 
machine, has the recursor listening on port 53 so my internal hosts can 
use it - while the authoritative listens on 10053 and my firewall 
redirects external requests via NAT.

forward-zones-file=/etc/powerdns/forward-zones #Zones under my control - 
lists domains with authoritative server:port
forward-zones-recurse=.= #Use OpenDNS for internet resolution
local-address=, #I have multiple IP's on this machine
lua-dns-script=/etc/powerdns/amfes.lua #Re-writes requests for my 
external domains to internal IP's


I suggest you try the same.

More information about the Pdns-users mailing list