[Pdns-users] Recursion when Powerdns auth servers is SOA

Rory Toma rory at ooma.com
Tue Jan 10 22:37:50 UTC 2012 

On 1/10/12 2:35 PM, bert hubert wrote:
> On Jan 10, 2012, at 11:28 PM, Rory Toma wrote:
>
>> I have a case where we are transitioning from a traditional (albeit hacked) bind server to powerdns auth server.
>>
>> I have the case right now where I've set up powerdns, and set the allow-recursion-override=yes and set up the recursor, and I have a few questions.
>>
>> 1) It seems that "recursor" only accepts a single IP? Is this true?
> Yes.
>
>> 2) It works ok for records that powerdns server. Howerver, if I do a query of a record that is not in powerdns, I do not see it query the recursor server. If I remove SOA from the powerdns data, then it recurses fine, however, it no longer answers for data that is in the powerdns records. How do I set up the pdns config file so that it will answer for records that it has in it's data that it is SOA for, and forward these to the recursor server if the data isn't there?
>>
This is exactly the case, and yes, if you remove the SOA record, 
powerdns becomes severely confused. 8-) I refer to the paragraph in Ch 
15 of the power dns manual:

"To make sure that the local authoritative database overrides recursive 
information, PowerDNS first tries to answer a question from its own 
database. If that succeeds, the answer packet is sent back immediately 
without involving the recursor in any way. This means that for questions 
for which there is no answer, PowerDNS will consult the recursor for an 
recursive query, even if PowerDNS is authoritative for a domain! This 
will only cause problems if you 'fake' domains which don't really exist."

What I want to do is have powerdns consult the recursor even of powerdns 
is authoritative for a domain. This is what I can' seem to get to work.

thx

> If PowerDNS has the SOA (which means 'Start of Authority'), PowerDNS 3.0 considers itself authoritative. In that case it indeed won't hand off to the recursor. But I'm not sure if this is the problem you describe.
>
> If you remove the SOA from a domain, PowerDNS might become severely confused.
>
> What effect are you trying to achieve?
>
> 	Bert
>
>> thx
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20120110/6d310c8c/attachment-0001.html>

More information about the Pdns-users mailing list