[Pdns-users] Slaving Opennic zones using bind-backend

Oliver Kent admin at peerx.co
Sat May 12 11:58:07 UTC 2012

Hi Peter

I will try to explain what I am trying to achieve. I had actually only wanted to slave the OpenNic domains and did not realise their root also includes the typical ICANN domains. Hence why I believed that queries for domains like google would be passed to the recursor.

I think I have identified three ways to achieve what I want.

1. I could use the bind backend and slave each of the OpenNic domains (e.g. .free, .geek etc) separately so I become authoritative for them and anything else (e.g. google.com) gets passed to the recursor. I tried this on bind and this can be achieved by doing:

zone "free." IN {
	    type slave;
	    file "/etc/powerdns/bind/zones/db.root";
	    masters {; };
		notify no;

This partially works using PDNS's bindbackend, except when the I query a domain, I only get a list of nameservers in response:

dig @localhost  reg.for.free

; <<>> DiG 9.7.3 <<>> @localhost reg.for.free
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61646
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;reg.for.free.			IN	A

for.free.		18000	IN	NS	ns1.nic.free.
for.free.		18000	IN	NS	ns2.nic.free.

ns1.nic.free.		18000	IN	A
ns2.nic.free.		18000	IN	A

;; Query time: 1 msec
;; WHEN: Sat May 12 06:31:40 2012
;; MSG SIZE  rcvd: 102

If there are any powerdns settings I can tweak to get this working or there is something I am doing wrong, please let me know.

2. I could set forward zones on the recursor for individual OpenNic domains so they are forwarded to OpenNic resolvers. Although to my knowledge, there is no wildcard feature (e.g. *.free=ip.address) and this can only be used on individual domains. Please correct me if I am wrong.

3. I could set the recursor to use OpenNic root hints. I tried this before and obviously performance is not as good as normal (i.e. without their root hints). It would also mean I have to keep an eye on the hints file to make sure it is up to date.

If you have any suggestions or if I am doing anything wrong, let me know. Ideally I would like to be able to use the first method, I just can't seem to get it working.

Thanks for your continued help,


On 12 May 2012, at 09:22, Peter van Dijk wrote:
> If you have auth running in front of recursor, auth will give the best *auth* answer it has for a question. This behaviour could be slightly better, but what you want does not make sense - your recursor doesnt even know about opennic.
> If you want to run both an auth and a recursor, and you want the auth to host the opennic root, and you want your recursor to honor the opennic root, you need to point your clients to the recursor directly and set up forward-zones accordingly.
> Kind regards,
> -- 
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list