[Pdns-users] allow-from and recursion
sergio at winc.net
Sun Aug 5 15:40:13 UTC 2018
This is exactly how I have configured it now, but how do I allow my own
servers on the public side of the Internet to query my own DNS? I have 4
/25 IPv4 segments for my customers via T1 and other means that I need to
provide DNS services for.
On 08/05/2018 10:30 AM, Nicola Tiling wrote:
> Take powerdns-recursor - it’s simple, you don’t need dnsdist for an easy setup
> 1) powerdns, authoritative: IP: 126.96.36.199, Port 53, Don’t allow recursion, authoritative reachable from world
> 2) powerdns-recursor: IP 192.168.0.1, Port 53, forward authoritative zones you need to 188.8.131.52, recursor only reachable from internal or dedicated IPs
> allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
>> On 05.08.2018 at 17:07, Sergio Cesar <sergio at winc.net> wrote:
>> Thank you for the reply,
>> My setup is very simple, found little help in configuring dnsdist that looks so complicated and one more thing to go wrong. Like killing a fly with a cannon.
>> We have just one server ns1 replicating to a second ns2 via direct mysql replication.
>> Perhaps you have a simple configuration example for all 3 pdns, pdns-recursor and dnsdist, I can use for a simple setup like mine. We do have ipv4 and ipv6 addresses for our servers.
>> Thanks again.
>> On 08/05/2018 08:37 AM, Aki Tuomi wrote:
>>> On Sat, Aug 04, 2018 at 07:01:36PM -0500, Sergio Cesar wrote:
>>>> Installed PDNS 4.1.3 on Ubuntu 18.04.
>>>> I have tried to follow
>>>> https://doc.powerdns.com/authoritative/guides/recursion.html setting up
>>>> scenario 1:
>>>> Any address I enter in "allow-from" is able to query the server and
>>>> recursion works ok, but no other query from the Internet is successful
>>>> unless I add 0.0.0.0/0 unfortunately this is not acceptable to have a
>>>> fully open server to the Internet.
>>>> In bind we have "allow-recursion" and a list of all the addresses the
>>>> server will respond to and still respond to any query to domains it itself
>>>> hosts.
>>>> How can I configure pdns and pdns-recursor to respond to queries from
>>>> anyone to the authoritative server but only recurse to the allowed list?
>>>> without having an open dns on the Internet?
>>> You use dnsdist for this.
>>> Aki Tuomi
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
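An added example, not part of the thread and not PowerDNS code: a Python sketch of the source-address check that the recursor's allow-from list describes, run against constructed configurations. The prefixes 203.0.113.0/25 and 198.51.100.0/25 are documentation ranges standing in for the customer /25 segments, and the function names are hypothetical.

```python
import ipaddress

# Constructed recursor.conf fragments (assumptions, not taken from the thread).
INTERNAL_ONLY = ("allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, "
                 "172.16.0.0/12, ::1/128, fc00::/7")
# Same list plus two documentation prefixes standing in for customer /25s.
WITH_CUSTOMERS = INTERNAL_ONLY + ", 203.0.113.0/25, 198.51.100.0/25"
WIDE_OPEN = "allow-from=0.0.0.0/0, ::/0"


def parse_allow_from(conf_text):
    """Return the networks on the allow-from= line (this sketch keeps the last one)."""
    nets = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip() == "allow-from":
            nets = [ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",") if v.strip()]
    return nets


def may_recurse(client, nets):
    """True if the client source address falls inside any allowed network."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in nets)


def open_resolver_entries(nets):
    """Entries that match every address, i.e. an open resolver."""
    return [n for n in nets if n.prefixlen == 0]


if __name__ == "__main__":
    clients = ["192.168.0.10", "203.0.113.5", "203.0.113.200", "8.8.8.8"]
    for name, conf in [("internal only", INTERNAL_ONLY),
                       ("with customer /25s", WITH_CUSTOMERS),
                       ("wide open", WIDE_OPEN)]:
        nets = parse_allow_from(conf)
        flagged = [str(n) for n in open_resolver_entries(nets)]
        print(name, "open entries:", flagged)
        for c in clients:
            print("  ", c, "allowed" if may_recurse(c, nets) else "refused")
```

Listing the public customer prefixes explicitly keeps recursion closed to the rest of the Internet, while the authoritative server on its own address continues to answer everyone for the zones it hosts.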