[Pdns-users] Recursor remote server when not in local master-zone

Rubén Gómez ruben at irontec.com
Thu Jun 30 13:26:15 UTC 2016


Hello Peter,

I have done what you said, but it doesn't work as I expected:

10.10.0.12 -> master pdns, authoritative zone example.com and its recursor example.com
10.10.0.13 -> pdns-recursor installed listening on port 53 with "forward-zones=example.com=10.10.0.12"

dig www.example.com @10.10.0.13

; <<>> DiG 9.9.5-9-Debian <<>> www.example.com @10.10.0.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.		IN	A

;; AUTHORITY SECTION:
example.com.		300	IN	SOA	ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300

;; Query time: 4 msec
;; SERVER: 10.10.0.13#53(10.10.0.13)
;; WHEN: Thu Jun 30 15:16:05 CEST 2016
;; MSG SIZE  rcvd: 82
dig www.example.com @10.10.0.12

; <<>> DiG 9.9.5-9-Debian <<>> www.example.com @10.10.0.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.example.com.		IN	A

;; AUTHORITY SECTION:
example.com.		300	IN	SOA	ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300

;; Query time: 2 msec
;; SERVER: 10.10.0.12#53(10.10.0.12)
;; WHEN: Thu Jun 30 15:16:58 CEST 2016
;; MSG SIZE  rcvd: 93
And what I want is that if there's no record for www.example.com in my pdns-server, the record is checked through the recursor (to check public DNS).

Right now, with my LDAP backend I haven't got a record for www.example.com, and when I ask for it, it goes through the recursor and 8.8.8.8:

dig www.example.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3202
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        80616   IN      A       131.30.16.5

;; Query time: 11 msec
;; SERVER: 10.10.0.4#53(10.10.0.4)
;; WHEN: Thu Jun 30 15:18:52 CEST 2016
;; MSG SIZE  rcvd: 49


10.10.0.4 is my actual pdns-server 2.91. It's a very old installation, and I have checked that what it has are simple A records (there is no master-zone with its SOA record... I know, it's been configured like this for many years). The next problem will be to migrate those records from LDAP into sqlite3... But I think I will script it.

Any suggestions will be appreciated.



----- Original message -----
> From: "Peter van Dijk" <peter.van.dijk at powerdns.com>
> To: pdns-users at mailman.powerdns.com
> Sent: Thursday, 30 June 2016 14:27:22
> Subject: Re: [Pdns-users] Recursor remote server when not in local master-zone
> 
> Hello Rubén,
> 
> On 29 Jun 2016, at 17:45, Rubén Gómez wrote:
> 
> > But if I try to nslookup for a record that is in my "real public DNS"
> > but not in the local powerDNS, I get the "Host www.example.com not
> > found: 3(NXDOMAIN)". I have seen that allow-recursion-override is
> > deprecated, and I don't see how to implement the "fake master-zone" to
> > make what I need.
> 
> First a side note: please do not use nslookup for debugging, it will lie
> to you. ‘dig’ is a good tool.
> 
> As for your setup: we recommend pointing your users at your recursor,
> not your auth. Then in the recursor configure forward-zones to point
> just your own domains to the auth.
> 
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
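The three dig outputs above tell the whole story once the header flags and the AUTHORITY section are read together: the recursor relays an NXDOMAIN that carries the example.com SOA (the zone itself says the name does not exist, so nothing will be retried against public DNS), the auth answers the same NXDOMAIN with the aa flag set, and the old 2.91 server returns a recursive answer. The auth server's reply also has the ra flag set, which is the mixed auth-plus-recursion role Peter advises against. The following parser is an added example written for this page, not code from the thread or from PowerDNS; the sample inputs are trimmed copies of the dig outputs posted above, and the classification labels are my own naming.

```python
import re

# Trimmed copies of the three dig outputs posted in the thread (constructed samples).
VIA_RECURSOR = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.com.  IN  A
;; AUTHORITY SECTION:
example.com.  300  IN  SOA  ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300
;; SERVER: 10.10.0.13#53(10.10.0.13)
"""

VIA_AUTH = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.example.com.  IN  A
;; AUTHORITY SECTION:
example.com.  300  IN  SOA  ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300
;; SERVER: 10.10.0.12#53(10.10.0.12)
"""

VIA_OLD_PDNS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3202
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.com.  IN  A
;; ANSWER SECTION:
www.example.com.  80616  IN  A  131.30.16.5
;; SERVER: 10.10.0.4#53(10.10.0.4)
"""


def parse_dig(output: str) -> dict:
    """Pull status, header flags, section counts, the SOA owner in the
    AUTHORITY section (if any) and the answering server out of dig's text output."""
    info = {"status": None, "flags": set(), "answer": 0, "authority": 0,
            "soa_owner": None, "server": None}
    section = None
    for line in output.splitlines():
        line = line.rstrip()
        if "HEADER" in line:
            m = re.search(r"status: (\w+)", line)
            if m:
                info["status"] = m.group(1)
            continue
        m = re.match(r";; flags: ([a-z ]*);", line)
        if m:
            info["flags"] = set(m.group(1).split())
            for name in ("ANSWER", "AUTHORITY"):
                c = re.search(name + r": (\d+)", line)
                if c:
                    info[name.lower()] = int(c.group(1))
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        m = re.match(r";; SERVER: (\S+)", line)
        if m:
            info["server"] = m.group(1)
            continue
        # Record lines are the only ones that do not start with ';'.
        if section == "AUTHORITY" and line and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5 and fields[3] == "SOA":
                info["soa_owner"] = fields[0]
    return info


def classify(info: dict) -> str:
    """Name the kind of answer in terms of the auth/recursor split (labels are mine)."""
    if info["status"] == "NOERROR" and info["answer"] > 0:
        return "positive-authoritative" if "aa" in info["flags"] else "positive-recursive"
    if info["status"] == "NXDOMAIN" and info["soa_owner"]:
        # An SOA in AUTHORITY means the zone itself denied the name; without aa it
        # was relayed by a forwarding recursor, which will not consult anyone else.
        return "nxdomain-authoritative" if "aa" in info["flags"] else "nxdomain-relayed"
    return "other"


def auth_offers_recursion(info: dict) -> bool:
    """True when one server sets both aa and ra, i.e. it is authoritative and
    also advertises recursion: the mixed role the thread recommends splitting."""
    return "aa" in info["flags"] and "ra" in info["flags"]


if __name__ == "__main__":
    for label, out in (("recursor", VIA_RECURSOR), ("auth", VIA_AUTH), ("old pdns", VIA_OLD_PDNS)):
        parsed = parse_dig(out)
        print(f"{label:9} {parsed['server']:28} {classify(parsed):24} "
              f"mixed role: {auth_offers_recursion(parsed)}")
```

Running it prints one line per capture; the "nxdomain-relayed" verdict for the recursor is the point of the thread: with forward-zones sending all of example.com to the auth, the auth's denial is final for that zone, and the "mixed role: True" on the auth is the configuration Peter suggests replacing with a dedicated recursor in front.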