[Pdns-users] Old 3.3.1-1 to 4.1.3 Authoritative and Recursor issue

Chris Hofstaedtler chris.hofstaedtler at deduktiva.com
Tue Jul 3 11:46:01 UTC 2018

> On 02.07.2018, at 19:25, Steven Spencer <steven.spencer at kdsi.com> wrote:
> As long as the recursor does return the correct information (as ours did) can we assume that things are working? Is there a good way to make sure that the authoritative server is properly configured before an actual go-live? (testing methodology)

You can use the “Pre-delegated zone check” on https://zonemaster.iis.se (or any other public zonemaster installation) to check your new auth (possibly on a different IP for testing purposes).

To some degree it sounds you’re not absolutely sure that all your recursive traffic is indeed sent to your PowerDNS Recursors. I’d suggest running tcpdump on your existing PowerDNS Authoritative Servers to verify that they only receive traffic from Recursors, and not from your internal devices.


Chris Hofstaedtler / Deduktiva GmbH (FN 418592 b, HG Wien)
www.deduktiva.com / +43 1 353 1707

More information about the Pdns-users mailing list