[Pdns-users] Allow recursion on only one IP

ggiesen+powerdns at giesen.me ggiesen+powerdns at giesen.me
Mon May 11 14:50:51 UTC 2015

That solution would actually work quite well. Only downside is that I’ll have to provide our staff CLI access to the PowerDNS servers to be able to remove the forward-zones setting for each domain as they are migrated (or we can have someone do them in bulk afterwards as I don’t think it’ll have any impact to leave it in), but overall I think that would work nicely.





From: Dan Campbell [mailto:pdns at w3eta.net] 
Sent: May 11, 2015 9:55 AM
To: ggiesen+powerdns at giesen.me
Cc: pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] Allow recursion on only one IP


Since the PowerDNS Recursor and PowerDNS Authoritative server are two different products, you’ll need to run both anyway.


Run the recursor listening only on IP#1 (using the local-address setting) and the authoritative server listening only on IP#2 (using the local-address setting).


During your transition phase you can use the forward-zones setting in the recursor on IP#1 to forward requests for specific domains to the auth server on IP#2.


This is assuming I understood your question.


Dan Campbell



On May 9, 2015, at 11:05 PM, ggiesen+powerdns at giesen.me wrote:


I’m currently planning a project to split recursion from authoritative DNS (they currently reside on the same IP). 


As part of the project, I’d like to set up a second IP for PowerDNS to listen on (which will be the IP for the authoritative server; the recursive server will remain on the existing IP). The transition strategy is that IP #1 (the existing IP) will answer both recursive and authoritative queries until such time as all the domains have been migrated to use the new IP #2. IP#2 will answer only authoritative queries.


However, I’ve run into a snag. I can’t find any way to have PowerDNS answer recursion queries on only the IP #1 (I can only limit what IPs the queries come from, but not to). Am I missing something? Is there a way to do what I’m looking to do? Or is the only solution to run separate instances of pdns (with separate config files both connecting to the same backend)?





Pdns-users mailing list
Pdns-users at mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


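A check for the split discussed in this thread, added here as an example and not part of the original messages: it sends a recursion-desired query to each IP and reports whether the server set the RA flag and returned an answer, which IP#1 should do and IP#2 should not. The addresses `192.0.2.1` and `192.0.2.2`, the query name `example.org` (assumed to be outside the zones you host) and all function names are assumptions.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a DNS A query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp):
    """Return the header fields that show whether recursion is offered."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": qid,
        "aa": bool(flags & 0x0400),   # authoritative answer
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 = NOERROR, 5 = REFUSED
        "answers": ancount,
    }

def offers_recursion(hdr):
    """True if the server set RA and answered a name it does not host."""
    return hdr["ra"] and hdr["rcode"] == 0 and hdr["answers"] > 0

def probe(server_ip, name, timeout=3.0):
    """Send one query over UDP to server_ip:53 and return the parsed header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        resp, _ = s.recvfrom(4096)
    hdr = parse_header(resp)
    if hdr["id"] != 0x1234:
        raise ValueError("response ID does not match query")
    return hdr

if __name__ == "__main__":
    # Placeholder addresses (documentation range); replace with your IP#1 and IP#2.
    for label, ip in (("IP#1 recursor", "192.0.2.1"), ("IP#2 authoritative", "192.0.2.2")):
        try:
            hdr = probe(ip, "example.org")
        except (OSError, ValueError) as exc:
            print(label, ip, "no usable response:", exc)
            continue
        print(label, ip, "recursion offered:", offers_recursion(hdr), hdr)
```

Run it from a client network that the recursor's allow-from permits, otherwise IP#1 will also appear not to recurse.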