[Pdns-users] Running pdns alongside pdns-recursor on the same host
odhiambo at gmail.com
Thu Jun 7 09:48:20 UTC 2012
On Thu, Jun 7, 2012 at 12:36 PM, Oliver Kent <admin at peerx.co> wrote:
> I happen to disagree, since I know for a fact it is possible to run both
> the authoritative server and recursor on the same IP address, I happen to
> be doing that at the moment.
> Leave the authoritative server on port 53 and switch the recursor to port
> 54 (or a random port not in use). Have the authoritative server forward
> recursive queries to the recursor on your desired port (e.g 127.0.0.1:54)
> and perhaps set lazy recursion as well. Thats it!
> Obviously, the problem with this method is that for each query that comes
> in, the authoritative server will check for the domain first before passing
> to the recursor, but thats where the cache comes in and I have never really
> had a problem with it. I guess it depends on the amount of domains you have.
> I also object to the suggestion that it is a bad idea to run both servers
> on the same host. If anything, it increases security as you can limit
> queries to the recursor to localhost and in turn, limit recursive access to
> the outside world on the authoritative server.
> Just my two cents!
I intend to only allow my subnets to do recursion. I don't want to allow
the whole planet to do that. They can rely on the authoritative server.
Could you kindly supply me with a snippet of the options I need in
pdns.conf so that it passes the queries to the recursor?
I hope that allow-recursion=mysubnet/cidr will be used to control who is
allowed to recurse.
I can see recursor=192.168.40.252, but suppose recursor daemon is listening
on port 54, how will I tell the authoritative daemon that?
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users