[Pdns-users] Recursor to Respond Authoritatively for all Queries

Brian Candler b.candler at pobox.com
Wed Oct 17 11:27:10 UTC 2018


On 17/10/2018 12:19, Asanka Gunasekara wrote:
> The authoritative server has a private zone. Authoritative server 
> should respond/answer for queries to this private domain if they 
> originated from a select list of IP addresses. And authoritative 
> server should respond/answer for queries for all other domains normally.
>
When you say "all other domains", do you mean your authoritative server
is hosting authoritative information for some public domains as well?
Or only the private domain?

> The reason for forwarding all requests to the Authoritative server is 
> due to the fact that this combo server should not be a public 
> resolver/recursor.

Authoritative servers are not resolvers.  So if you are hosting public 
domains, the server needs to be on a public IP address and answer on 
port 53.

If you are *only* hosting private domains, then the combination you have 
shown (resolver on port 53, authoritative on port 5300) will work.  The 
resolver should *only* forward the private domains to the authoritative 
server.  Indeed, this server can sit on a private IP address if you like.

Since the authoritative server is not available from the outside world, 
and is not on the standard port 5300, an external DNS tester service 
will not work.

Sending *authoritative* queries to a *recursor* is wrong.

Regards,

Brian.
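
A check for the arrangement described in this reply (recursor on port 53 forwarding only the private zone to an authoritative server on port 5300), as an added example that is not part of the original message. It audits recursor.conf text for a catch-all forward or a wide-open allow-from; the zone corp.example, the addresses and both sample configs are constructed assumptions, while forward-zones, forward-zones-recurse and allow-from are PowerDNS Recursor settings.

```python
import ipaddress

# Constructed recursor.conf samples (not from the thread); the zone name
# corp.example and all addresses are assumptions for illustration.
BAD_CONF = """\
local-port=53
allow-from=0.0.0.0/0
forward-zones=.=127.0.0.1:5300
"""
GOOD_CONF = """\
local-port=53
allow-from=127.0.0.0/8, 10.0.0.0/8
forward-zones=corp.example=127.0.0.1:5300
"""

def parse_conf(text):
    """Return {setting: value} from key=value lines, skipping # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def forwarded_zones(conf):
    """Zone names listed in forward-zones and forward-zones-recurse."""
    zones = []
    for key in ("forward-zones", "forward-zones-recurse"):
        for entry in conf.get(key, "").split(","):
            if "=" in entry:
                # A leading '+' only sets the recursion-desired bit.
                zones.append(entry.split("=", 1)[0].strip().lstrip("+"))
    return zones

def audit(text):
    """Return a list of findings for recursor.conf content given as text."""
    conf = parse_conf(text)
    findings = []
    for zone in forwarded_zones(conf):
        if zone in (".", ""):
            findings.append("root zone is forwarded: every query goes to the forwarder")
    for net in conf.get("allow-from", "").split(","):
        try:
            wide = ipaddress.ip_network(net.strip(), strict=False).prefixlen == 0
        except ValueError:
            continue  # empty or non-CIDR entry: nothing to judge here
        if wide:
            findings.append(f"allow-from {net.strip()} admits any client (open resolver)")
    return findings
```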
