[Pdns-users] Running pdns alongside pdns-recursor on the same host
odhiambo at gmail.com
Thu Jun 7 10:15:26 UTC 2012
This works dandy!
On Thu, Jun 7, 2012 at 1:04 PM, Oliver Kent <admin at peerx.co> wrote:
> Sure, no problem. Here is what you need to set:
> allow-recursion= [subnets you want to allow to recurse, I think they are
> comma separated but it may be by space]
> That should be it.
> On Thu, Jun 7, 2012 at 10:48 AM, Odhiambo Washington <odhiambo at gmail.com> wrote:
>> On Thu, Jun 7, 2012 at 12:36 PM, Oliver Kent <admin at peerx.co> wrote:
>>> I happen to disagree, since I know for a fact it is possible to run both
>>> the authoritative server and recursor on the same IP address, I happen to
>>> be doing that at the moment.
>>> Leave the authoritative server on port 53 and switch the recursor to
>>> port 54 (or a random port not in use). Have the authoritative server
>>> forward recursive queries to the recursor on your desired port (e.g.
>>> 127.0.0.1:54) and perhaps set lazy recursion as well. That's it!
>>> Obviously, the problem with this method is that for each query that
>>> comes in, the authoritative server will check for the domain first before
>>> passing to the recursor, but that's where the cache comes in and I have
>>> never really had a problem with it. I guess it depends on the amount of
>>> domains you have.
>>> I also object to the suggestion that it is a bad idea to run both
>>> servers on the same host. If anything, it increases security as you can
>>> limit queries to the recursor to localhost and in turn, limit recursive
>>> access to the outside world on the authoritative server.
>>> Just my two cents!
>> Hi Oli,
>> I intend to only allow my subnets to do recursion. I don't want to allow
>> the whole planet to do that. They can rely on the authoritative server.
>> Could you kindly supply me with a snippet of the options I need in
>> pdns.conf so that it passes the queries to the recursor?
>> I hope that allow-recursion=mysubnet/cidr will be used to control who is
>> allowed to recurse.
>> I can see recursor=192.168.40.252, but suppose recursor daemon is
>> listening on port 54, how will I tell the authoritative daemon that?
>> Best regards,
>> Odhiambo WASHINGTON,
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> I can't hear you -- I'm using the scrambler.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
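
A check for the setup described in this thread, as an added example that is not part of the original messages: it reads a pdns.conf and a recursor.conf and reports where recursion is not confined to the chosen subnets and to localhost. The `recursor=address:port` form follows the "127.0.0.1:54" in the thread; `local-address`, `local-port` and `allow-from` are recursor settings the thread does not name, and all sample values are constructed.

```python
import ipaddress
import re

def parse_conf(text):
    """Parse 'key=value' lines, ignoring '#' comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def items(value):
    """Split a list on commas or whitespace (the thread is unsure which applies)."""
    return [v for v in re.split(r"[,\s]+", value or "") if v]

def audit(auth_text, rec_text):
    """Return findings; an empty list means recursion is confined as described."""
    auth, rec = parse_conf(auth_text), parse_conf(rec_text)
    out = []
    host, _, port = auth.get("recursor", "").partition(":")  # assumes IPv4 addr:port
    if not host or not ipaddress.ip_address(host).is_loopback:
        out.append("pdns.conf: recursor= is not a loopback address")
    if not port or rec.get("local-port") != port:
        out.append("recursor.conf: local-port does not match the recursor= port")
    acl = [ipaddress.ip_network(n, strict=False) for n in items(auth.get("allow-recursion"))]
    if not acl:
        out.append("pdns.conf: allow-recursion is not set")
    out += [f"pdns.conf: allow-recursion {n} admits every client" for n in acl if n.prefixlen == 0]
    listen = items(rec.get("local-address"))
    if not listen:
        out.append("recursor.conf: local-address is not set explicitly")
    out += [f"recursor.conf: listens on non-loopback {a}" for a in listen
            if not ipaddress.ip_address(a).is_loopback]
    allow = [ipaddress.ip_network(n, strict=False) for n in items(rec.get("allow-from"))]
    if not allow:
        out.append("recursor.conf: allow-from is not set explicitly")
    out += [f"recursor.conf: allow-from {n} is wider than localhost" for n in allow
            if not n.is_loopback]
    return out

# Constructed sample configs (not taken from the thread).
GOOD_AUTH = "recursor=127.0.0.1:54\nallow-recursion=192.168.40.0/24, 10.1.0.0/16\n"
GOOD_REC = "local-address=127.0.0.1\nlocal-port=54\nallow-from=127.0.0.0/8\n"
WEAK_AUTH = "recursor=127.0.0.1:54\nallow-recursion=0.0.0.0/0\n"
WEAK_REC = "local-address=0.0.0.0\nlocal-port=54\nallow-from=0.0.0.0/0\n"

if __name__ == "__main__":
    for name, pair in (("good", (GOOD_AUTH, GOOD_REC)), ("weak", (WEAK_AUTH, WEAK_REC))):
        print(name, audit(*pair) or "no findings")
```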