[Pdns-users] Recursor to Respond Authoritatively for all Queries

Asanka Gunasekara asankag at talkup.com.au
Wed Oct 17 14:58:05 UTC 2018


Hi Brian,

Thanks for taking the time to explain this to me. 

Yes, this server hosts other public domains and I agree what I have done is wrong. 

Now, my question is, is there a way for me to serve two different addresses for records depending on the interface the request came from? This way I might be able to reply with private IPs for internal requests and a different IP for external requests.

On Wed, 17 Oct 2018, 16:57 Brian Candler, <b.candler at pobox.com> wrote:

On 17/10/2018 12:19, Asanka Gunasekara wrote:

The authoritative server has a private zone. Authoritative server should respond/answer for queries to this private domain if they originated from a select list of IP addresses. And authoritative server should respond/answer for queries for all other domains normally.

When you say "all other domains", do you mean your authoritative server is hosting authoritative information for some public domains as well?  Or only the private domain.


The reason for forwarding all requests to the Authoritative server is due to the fact that this combo server should not be a public resolver/recursor.

Authoritative servers are not resolvers.  So if you are hosting public domains, the server needs to be on a public IP address and answer on port 53.
If you are *only* hosting private domains, then the combination you have shown (resolver on port 53, authoritative on port 5300) will work.  The resolver should *only* forward the private domains to the authoritative server.  Indeed, this server can sit on a private IP address if you like.

Since the authoritative server is not available from the outside world, and is not on the standard port 5300, an external DNS tester service will not work.

Sending *authoritative* queries to a *recursor* is wrong.

Regards,
Brian.
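
The private-only layout described in the quoted reply (resolver on port 53, authoritative on port 5300, only the private zone forwarded), as an added configuration sketch that is not part of the original thread. The zone name `private.example` and the addresses are constructed placeholders.

```ini
# --- recursor.conf (PowerDNS Recursor, answers clients on port 53) ---
# Constructed private address; the recursor is not reachable from outside.
local-address=10.0.0.53
local-port=53
# Only internal clients may use the recursor, so it is not an open resolver.
allow-from=127.0.0.0/8, 10.0.0.0/8

# Weak: every query goes to the authoritative server, which does not
# recurse, so names outside its own zones cannot be resolved.
# forward-zones=.=127.0.0.1:5300

# Corrected: only the private zone is forwarded to the authoritative
# server; everything else is resolved by normal recursion.
forward-zones=private.example=127.0.0.1:5300

# --- pdns.conf (PowerDNS Authoritative Server, private zone only) ---
# Bound to loopback on the non-standard port; only the recursor queries it.
local-address=127.0.0.1
local-port=5300
```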

