[Pdns-users] Running pdns alongside pdns-recursor on the same host

Oliver Kent admin at peerx.co
Thu Jun 7 09:36:26 UTC 2012


I happen to disagree, since I know for a fact it is possible to run both
the authoritative server and recursor on the same IP address; I happen to
be doing that at the moment.

Leave the authoritative server on port 53 and switch the recursor to port
54 (or a random port not in use). Have the authoritative server forward
recursive queries to the recursor on your desired port (e.g. 127.0.0.1:54)
and perhaps set lazy recursion as well. That's it!

Obviously, the problem with this method is that for each query that comes
in, the authoritative server will check for the domain first before passing
to the recursor, but that's where the cache comes in and I have never really
had a problem with it. I guess it depends on the number of domains you have.

I also object to the suggestion that it is a bad idea to run both servers
on the same host. If anything, it increases security as you can limit
queries to the recursor to localhost and in turn, limit recursive access to
the outside world on the authoritative server.

Just my two cents!

Oli

On Thu, Jun 7, 2012 at 10:22 AM, kalpesh thaker <kalpesh at webdevworld.com> wrote:

> Jan-Piet Mens wrote:
>
>>> 1. I don't see how to run both concurrently on the same host as they always
>>> conflict on the IP. The host has a single address - 192.168.40.252.
>>>
>> You cannot run two services of any kind on a single IP address, so
>> running two DNS servers on one address won't work. See if you can put
>> one of the servers on a loopback address, and the other on your public
>> IP.
>>
>
> in any case, it's not really a good idea to have your recursor and
> authoritative DNS servers on the same host... however, to add onto Jan-Piet
> Mens' comment, a cheap and dirty way to accomplish this would be to assign a
> virtual interface to your primary NIC with another IP, then assign the
> authoritative server to use it, with the recursor set up on the 'real'
> interface open to the world... then use the "forward-zones-recurse="
> function on the recursor to forward queries to the 'virtual IP addressed'
> authoritative server. obviously there will be cons to using this setup, and
> it isn't advisable to use this in a live environment (best to have two physical
> NICs with separate public IPs that listen and respond to requests
> individually for each server).
>
> all the best
>
> kt.
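
Added example, not part of the original message or of PowerDNS: a small audit of the layout Oliver describes (authoritative server on port 53 handing recursion to a recursor on 127.0.0.1:54, with recursion access restricted on both sides). It assumes the setting names `recursor`, `lazy-recursion` and `allow-recursion` in pdns.conf and `local-address`, `local-port` and `allow-from` in recursor.conf as used by PowerDNS releases of that period; the sample configs and the 192.168.40.0/24 client range are constructed.

```python
import ipaddress

# Constructed sample configs for the layout described in the message.
PDNS_CONF = """\
local-address=192.168.40.252
local-port=53
recursor=127.0.0.1:54
lazy-recursion=yes
allow-recursion=127.0.0.0/8,192.168.40.0/24
"""
RECURSOR_CONF = """\
local-address=127.0.0.1
local-port=54
allow-from=127.0.0.0/8
"""

def parse(text):
    """Parse key=value lines, dropping blanks and '#' comments."""
    pairs = (l.split("#", 1)[0].partition("=") for l in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def nets(value):
    return [ipaddress.ip_network(n, strict=False) for n in items(value)]

def audit(pdns_text, recursor_text):
    """Return a list of findings; an empty list means the layout holds."""
    auth, rec = parse(pdns_text), parse(recursor_text)
    findings = []
    rec_addrs = items(rec.get("local-address", ""))
    rec_port = rec.get("local-port", "53")  # 53 is the DNS default port
    if not rec_addrs or not all(ipaddress.ip_address(a).is_loopback for a in rec_addrs):
        findings.append("recursor local-address is not loopback-only")
    if rec_port == auth.get("local-port", "53"):
        findings.append("recursor and authoritative server share a port")
    host, _, port = auth.get("recursor", "").rpartition(":")
    if host not in rec_addrs or port != rec_port:
        findings.append("pdns.conf recursor= does not point at the recursor")
    allow_from = nets(rec.get("allow-from", ""))
    if not allow_from or not all(n.is_loopback for n in allow_from):
        findings.append("recursor allow-from is not limited to localhost")
    allow_rec = nets(auth.get("allow-recursion", ""))
    if not allow_rec or any(n.prefixlen == 0 for n in allow_rec):
        findings.append("allow-recursion is unset or open to the world")
    return findings

if __name__ == "__main__":
    print(audit(PDNS_CONF, RECURSOR_CONF) or "layout holds")
```

Settings that are missing are reported rather than assumed safe, so the check does not depend on version-specific defaults other than port 53.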