[Pdns-users] Pdns Authoritative + Recursor
Daniel L. Miller
dmiller at amfes.com
Thu Dec 8 16:04:32 UTC 2011
On 12/8/2011 3:57 AM, IRCHeaven Technical Support wrote:
> In the documents I have read that the authoritative server runs on port 53
> and the recursor on port 5300.
> In the authoritative server I have put the recursor IP and port.
>
> Now the problem is that it seems that the auth does not communicate with the
> recursor for solving domains outside my own domains.
> It worked one time, but after a restart it doesn't work any more.
>
It looks like you're trying to pair the servers in the wrong direction.
The authoritative server's job is to provide records under your control.
It's designed to provide that information as efficiently as possible.
The recursor's job is to look up any record - with a variety of caching
algorithms to do THAT as efficiently as possible. Let them do their jobs
as designed - instead of trying to force them to work backwards.
The authoritative server should be reachable by the internet in order to
be authoritative for your domain(s). The only reason for the recursor to
be publicly visible is if you wish to provide a public caching DNS
server to the internet - if you're not an ISP, I don't see why you'd
want that.
My own config, where both authoritative and recursor are on the same
machine, has the recursor listening on port 53 so my internal hosts can
use it - while the authoritative listens on 10053 and my firewall
redirects external requests via NAT.
recursor.conf
forward-zones-file=/etc/powerdns/forward-zones #Zones under my control - lists domains with authoritative server:port
forward-zones-recurse=.=208.67.222.222 #Use OpenDNS for internet resolution
local-address=192.168.0.2,192.168.0.72 #I have multiple IPs on this machine
local-port=53
lua-dns-script=/etc/powerdns/amfes.lua #Re-writes requests for my external domains to internal IPs
pdns.conf
allow-recursion=127.0.0.1
daemon=yes
disable-axfr=yes
lazy-recursion=yes
local-port=10053
I suggest you try the same.
--
Daniel
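
An added example, not part of the original message and not PowerDNS code: a Python check that a recursor.conf, pdns.conf and forward-zones file describe the split in the message above (distinct ports, recursor bound only to non-public addresses, every forwarded zone aimed at the authoritative server's port). The function names and the forward-zones content (example.com, example.net) are assumptions, and only IPv4 targets are handled.

```python
import ipaddress
import re

def _settings(text):
    """Yield (key, value) pairs, dropping '#' comments and blank lines."""
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            yield key.strip(), value.strip()

def parse_conf(text):
    return dict(_settings(text))

def parse_forward_zones(text):
    """Return {zone: [(ip, port), ...]}; IPv4 targets only (assumption)."""
    zones = {}
    for zone, targets in _settings(text):
        pairs = [t.strip().partition(":") for t in re.split(r"[;,]", targets)]
        zones[zone.lstrip("+")] = [(h, int(p or 53)) for h, _, p in pairs]
    return zones

def check_split(recursor, auth, zones):
    """Return findings; an empty list means the layout matches the post."""
    findings = []
    rec_port = int(recursor.get("local-port", 53))
    auth_port = int(auth.get("local-port", 53))
    if rec_port == auth_port:
        findings.append(f"recursor and authoritative both use port {rec_port}")
    for addr in filter(None, map(str.strip, recursor.get("local-address", "").split(","))):
        if not ipaddress.ip_address(addr).is_private:
            findings.append(f"recursor listens on public address {addr}")
    for zone, targets in zones.items():
        for host, port in targets:
            if port != auth_port:
                findings.append(f"{zone} -> {host}:{port}, authoritative is on {auth_port}")
    return findings

# Settings taken from the post, comments removed.
RECURSOR_CONF = "local-address=192.168.0.2,192.168.0.72\nlocal-port=53\n"
PDNS_CONF = "local-port=10053\n"
# Constructed sample: the post does not show the forward-zones file itself.
FORWARD_ZONES = "example.com=127.0.0.1:10053\nexample.net=127.0.0.1:5300\n"

if __name__ == "__main__":
    for finding in check_split(parse_conf(RECURSOR_CONF), parse_conf(PDNS_CONF),
                               parse_forward_zones(FORWARD_ZONES)):
        print("FINDING:", finding)
```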