[Pdns-users] Old 3.3.1-1 to 4.1.3 Authoritative and Recursor issue
Steven Spencer
steven.spencer at kdsi.com
Mon Jul 2 15:21:07 UTC 2018
Greetings,
We have been using PowerDNS for a very long time. I've converted from
several older versions to new ones and separated our recursor from our
authoritative server about 6 years ago. We are also a small IT shop, so
sometimes things get behind, which is where we are at the moment with PDNS.
What I'm trying to get my mind around is the changes to how the
recursive server communicates with the authoritative server. In an
attempt to take our new servers live last night, our authoritative
server would answer for domains that we are authoritative for, but would
not answer for anything that required the recursor. The recursor,
however, answered just fine for everything, but showed everything as a
Non-authoritative answer, even for things that we are authoritative for.
In reading the documents, I came across the *"Migrating from using
recursion on the Authoritative Server to using a Recursor"
*(https://doc.powerdns.com/authoritative/guides/recursion.html) article
which I initially discounted, as we have, again, been running separate
recursor's and authoritative servers for quite a few years. The removal
of the ability to specify the recursor within the pdns.conf, seems to
have changed the entire dynamic of the request/reply framework. (we used
the recursor= to specify the recursor's address which resided on its own
hardware). Up to this point, our authoritative server has had the
publicly advertised DNS address, but if I'm reading this article
correctly, it /looks/ like we need to switch the recursor to run as the
IP of what we have published as our DNS address. So, my questions are:
* Is this the case, do I need to change my IP scheme so that the
recursor(s) for our domain actually have the IP address of the published
DNS servers?
* If so, is it OK that answers will show up on the recursor as
non-authoritative even if we are indeed authoritative for the domain?
* finally, does this adversely affect the way that the root DNS servers
communicate with our zone?
Thanks in advance,
--
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 1131
Mobile 402-765-8010
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180702/b628c54a/attachment.html>
More information about the Pdns-users
mailing list