[Pdns-users] Recursor to Respond Authoritatively for all Queries
b.candler at pobox.com
Wed Oct 17 11:27:10 UTC 2018

On 17/10/2018 12:19, Asanka Gunasekara wrote:
> The authoritative server has a private zone. Authoritative server
> should respond/answer for queries to this private domain if they
> originated from a select list of IP addresses. And authoritative
> server should respond/answer for queries for all other domains normally.

When you say "all other domains", do you mean your authoritative server
is hosting authoritative information for some public domains as well?
Or only the private domain?

> The reason for forwarding all requests to the Authoritative server is
> due to the fact that this combo server should not be a public

Authoritative servers are not resolvers. So if you are hosting public
domains, the server needs to be on a public IP address and answer on

If you are *only* hosting private domains, then the combination you have
shown (resolver on port 53, authoritative on port 5300) will work. The
resolver should *only* forward the private domains to the authoritative
server. Indeed, this server can sit on a private IP address if you like.
Since the authoritative server is not available from the outside world,
and is not on the standard port 5300, an external DNS tester service
will not work.

Sending *authoritative* queries to a *recursor* is wrong.
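
The forwarding rule discussed in this message can be checked mechanically. The following is an added example, not part of the original post or of PowerDNS: a small linter that reads a Recursor configuration and flags `forward-zones` entries that send the root zone, or recursion-desired queries, to the authoritative server. It assumes the key=value `recursor.conf` format, a constructed zone name `private.example`, and an authoritative server at `127.0.0.1:5300`.

```python
# Added example. Constructed sample configs: the zone name private.example
# and the address 127.0.0.1:5300 are assumptions.
BAD_CONF = """
local-port=53
forward-zones=.=127.0.0.1:5300
"""
GOOD_CONF = """
local-port=53
forward-zones=private.example=127.0.0.1:5300
"""

def parse_settings(text):
    """Parse key=value lines of a recursor.conf; 'key+=value' appends."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):
            key = key[:-1].strip()
            value = ", ".join(v for v in (settings.get(key, ""), value) if v)
        settings[key] = value
    return settings

def forward_zones(settings):
    """Return (zone, rd_set, targets) for each forward-zones entry."""
    entries = []
    for item in settings.get("forward-zones", "").split(","):
        if "=" not in item:
            continue
        zone, targets = item.split("=", 1)
        zone = zone.strip()
        rd_set = zone.startswith("+")  # '+' prefix sets the recursion-desired bit
        zone = zone.lstrip("+").rstrip(".").lower() or "."
        entries.append((zone, rd_set, [t.strip() for t in targets.split(";") if t.strip()]))
    return entries

def lint(text, auth="127.0.0.1:5300"):
    """Flag forwards to the authoritative server that it cannot answer."""
    findings = []
    for zone, rd_set, targets in forward_zones(parse_settings(text)):
        if auth not in targets:
            continue
        if zone == ".":
            findings.append("root zone forwarded to authoritative server " + auth)
        elif rd_set:
            findings.append(zone + ": recursion requested from authoritative server")
    return findings
```

`lint(BAD_CONF)` reports the catch-all forward, while `lint(GOOD_CONF)` returns an empty list because only the private zone is sent to port 5300.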