Hello Andrea,

On Apr 19, 2012, at 14:11 , Andrea Cappelli wrote:

>> a) assuming everybody who needs 3 will be using 1, just load the zone into the recursor 
> You mean using the conf auth-zones in recursor conf?
> Like
> auth-zones = sub1.domain.com=/var/zones/sub1.domain.com, sub2.domain.com=/var/zones/sub2.domain.com
> In this case the file /var/zones/sub1.domain.com should be a bind zone file?
> For example http://en.wikipedia.org/wiki/Zone_file


>> b) if not, split 2 and 3 by running two powerdns instances.
> So I can put an instance on the public IP and an instance on the private IP, and only the private instance is allowed to do recursion (to comply with 1) )

Even simpler: you would put a pdns_server instance on the public IP, and a pdns_recursor instance on the private IP.

> In this case (assuming private instance doesn't know about public domains) if the private pdns is contacted for a public domain, it will go through recursion and will contact the public pdns which will give the response. Do you think I can accept this scenario, or do I have to sync private with public data, making it authoritative for those domains, for example using AXFR?

A recursor, unless explicitly configured otherwise, will always find public domains without trouble, by iterating down from the root servers.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
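
The split described in this message, sketched as an added configuration example that is not part of the original e-mail or of the PowerDNS documentation. The IP addresses, the client network and the bind-config path are constructed assumptions; the zone names and zone file paths are the ones quoted above.

```ini
# ---------------------------------------------------------------
# pdns.conf : pdns_server, authoritative only, on the public IP
# ---------------------------------------------------------------
# 192.0.2.53 is a constructed address from the documentation range.
local-address=192.0.2.53
# Serve the public zones from BIND-format zone files.
launch=bind
# Assumed path: a named.conf-style file listing the public zones.
bind-config=/etc/powerdns/named.conf

# ---------------------------------------------------------------
# recursor.conf : pdns_recursor, on the private IP only
# ---------------------------------------------------------------
# 10.0.0.53 is a constructed private address. Binding only here
# keeps the recursor unreachable from the public interface.
local-address=10.0.0.53
# Answer recursive queries only for the internal network
# (constructed range). A setting such as allow-from=0.0.0.0/0 on a
# reachable address would make this an open resolver.
allow-from=10.0.0.0/8
# Private-only zones answered by the recursor itself. Each file is
# a BIND-format zone file. Any name not listed here is resolved
# normally by iterating down from the root servers, so public
# domains need no sync with the authoritative instance.
auth-zones=sub1.domain.com=/var/zones/sub1.domain.com, sub2.domain.com=/var/zones/sub2.domain.com
```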

