[Pdns-users] Lua Scripting

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri Dec 12 18:13:57 UTC 2014

Hello Jason,

On 12 Dec 2014, at 19:07 , Jason Frisvold <xenophage at godshell.com> wrote:

> Peter van Dijk wrote:
>> Hello Jason,
>> If your clients are end hosts (i.e. machines with the equivalent of resolv.conf), they should always be talking to a recursor. If your ‘view’ needs are simple (just a few overridden IPs here and there), using pre- or postresolve in the PowerDNS Recursor would suit your needs fine.
> I was hoping to make it easy and have the scripting on the authoritative
> server.  Internal machines use the internal recursors as normal, and the
> auth server replies with the appropriate data.  External clients hitting
> the auth servers would only get the external view.
> The data is distinct, there aren't any overlaps..  It's really just a
> security by obscurity layer.  In addition to all of the "real" security
> layers as well...

In that case it’s easiest to have a second auth server for internal data, and make sure your recursor talks to that one. You can use forward-zones in the recursor to make that happen.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

More information about the Pdns-users mailing list