[Pdns-users] Need a solution to use an resolver for external CNAME's

Alejandro Adroher Mellado alejandro.adroher at omniaccess.com
Wed Sep 14 09:48:03 UTC 2016 

Hi,
A resolver by definition goes to the root servers to find answers to the queries received.
If you want to ask for an external CNAME, you need a recursor, but using f.e. the "allow-from=172.16.0.0/16" (being this your internal network), close your recursor service to the external world. You could use it, but I'm not.

You say:
"We want a public DNS server, but resolve queries for existing database entries only. Seems not possible to configure."
For that having only an Authoritative Service is enough.

I have note very clear what you are looking for .... It seems you need an Authoritative for your domains (which can be queried by everyone) and also a recursor for internal use only.

Can you clarify this for me?

XD

Ale


From: Michael Hasenburger [mailto:Michael.Hasenburger at marel.at]
Sent: miƩrcoles, 14 de septiembre de 2016 11:34
To: Alejandro Adroher Mellado <alejandro.adroher at omniaccess.com>; pdns-users at mailman.powerdns.com
Subject: AW: Need a solution to use an resolver for external CNAME's

Hi Ale,

I also configured pdns-resolver with allow-from localhost, but it does resolve all request from powerdns.
We want a public DNS server, but resolve queries for existing database entries only. Seems not possible to configure.

BR Mike


Von: Alejandro Adroher Mellado [mailto:alejandro.adroher at omniaccess.com]
Gesendet: Mittwoch, 14. September 2016 10:48
An: EDV-Techniker; pdns-users at mailman.powerdns.com<mailto:pdns-users at mailman.powerdns.com>
Betreff: RE: Need a solution to use an resolver for external CNAME's

Hi Mike,

Use ACL to close your resolver

allow-from=your internal allowed netmasks

Ale

From: Pdns-users [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of EDV-Techniker
Sent: miƩrcoles, 14 de septiembre de 2016 10:08
To: pdns-users at mailman.powerdns.com<mailto:pdns-users at mailman.powerdns.com>
Subject: [Pdns-users] Need a solution to use an resolver for external CNAME's

Hi,

we want using a nameserver for our domains only. I can be done without configure a resolver. Works fine but if query f.e. an external CNAME, which A record doesn't exist at our database, then PowerDNS doesn't resolve.

Using a resolver does solve this problem. But now the DNS server is open and frail for attacks.

Is there a solution to use an resolver to query existing database entries only?

BR Mike
MAREL IT solutions

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160914/59595238/attachment.html>

More information about the Pdns-users mailing list