[Pdns-users] Remote backend docs

Aki Tuomi cmouse at cmouse.fi
Mon Dec 5 12:25:08 UTC 2016 


On 05.12.2016 13:56, Mike Cardwell wrote:
> * on the Mon, Dec 05, 2016 at 01:34:07PM +0200, Aki Tuomi wrote:
>
>>> Just got started with PowerDNS. Developing an application using the
>>> Remote backend, but the docs at
>>> https://doc.powerdns.com/md/authoritative/backend-remote/ seem a
>>> little sparse. What do the following parameters contain and when
>>> should they be used?
>>>
>>> zone_id
>>> domain_id
>>> auth
>>> scopeMask
>> zone_id = optional zone id, or use -1 if you do not care about such
>> things. This is an opaque integer used by powerdns in various places to
>> tell you which zone it means.
>>
>> domain_id = ditto above, but for domains
> It sounds like I can ignore these two.
>
>> auth = 1 if your data is authoritative for the zone and 0 if not.
>> usually you should set this to 1. setting it 0 will put the data into
>> additional section.
> Hmm. ISTR that answers were having their additional section populated
> automatically even though I wasn't setting "auth" to anything. Will
> double check that later. But it's good to know that's what the intention
> of the variable is at least.
>
>> scopeMask = how many bits of requestor IP was used to produce this
>> result. this should 0 unless you are using the client's (real) IP
>> somehow to come up with the answer, and if you do, how many bits of the
>> value was used. 128 (v6) or 32 (v4) means you used up the whole IP, 0
>> means no bits were used.
> This sounds like it will work if I want to for example return a different
> A record depending on the source IP address. However, what if I want to
> return a specific A record for some source IPs, and *no* A record for
> other IPs? How do I set a scopeMask on an empty response?

Set scopeMask = 0 when you are not using it. There are two kinds of
empty responses,

1. No such domain at all (i have no idea what this domain is)

You return false.

2. No such record (for requested type, or at all)

You return empty array. If you are asked for ANY or SOA you can reply
with domain SOA. I am not 100% sure what you should do in your use case,
but I guess I would check if you can return 1 here if your known values
are above or below x.x.x.x/1 OR something::/1 and client's IP is on this
half, so it can cache half the internet. Otherwise you should return 128
or 32 to be sure.

Aki

More information about the Pdns-users mailing list