[Pdns-users] PowerDNS and CNAMEs
rune at falcon.io
Sun Jul 23 07:23:37 UTC 2017
It might be a strange setup, but we are trying to have a PowerDNS server
that acts as the authoritative name server for flcn.io for clients on our
network, while Cloudflare DNS acts as the authoritative DNS for everyone
We do this, to try to not expose private IPs in public DNS records, but we
need a few public records for Let's Encrypt records, hence the added
This seems to work well for the most part, only CNAME records with external
targets (like AWS load balancers) are causing problems, and I can't figure
I will try to follow the setup in the guide David mentioned, and see if
that will work.
Thank you everyone, for your help so far. It is very much appreciated.
On Fri, 21 Jul 2017 at 19:24, Brian Candler <b.candler at pobox.com> wrote:
> On 21/07/2017 18:07, Rune Sørensen wrote:
> > I'm running pdns-server, as you guessed. I only enabled recursion,
> > because nslook complained when I hadn't enabled it.
> > Would it be better to try to set up a recursor in front of
> > pdns-server, and then disable recursion on the server?
> One doesn't "go in front" of the other, they are just separate.
> Best practice is two separate servers:
> - pdns-recursor is what your client machines use: they point to this in
> their DNS server settings, e.g. /etc/resolv.conf
> - pdns-server is what you host your domains on: NS records in the parent
> domain point to this.
> However if you're hosting your domains at cloudflare then you don't need
> pdns-server - unless you're using pdns-server as a hidden primary which
> cloudflare copies from? But I don't think you are, since you showed an
> example where your local pdns-server had different records than cloudflare.
> I don't know what your use case is. If you want a local DNS cache for
> clients to point at, then pdns-recursor is what you need.
*Rune Tor Sørensen*
Site Reliability Engineer
LinkedIn <https://www.linkedin.com/in/runets> Twitter
H.C. Andersens Blvd. 27
CVR no.: 33362226
Meet Your Customers
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users