[Pdns-users] pdns forward nested recurse possible?

Nico CARTRON nicolas at ncartron.org
Fri Apr 19 09:32:50 UTC 2019


Hi,

On 19-Apr-2019 11:21 CEST, <abubin at gmail.com> wrote:

> Hi,
> 
> I am just trying to have something simple.

Well, I do believe you are complicating something which should be simple ;)

> When a client queries the pdns recursor server, it will first look at its
> authoritative pdns domains. If none of the domains being queried is in
> authoritative then it will shoot to public dns for recursive query.
> 
> EG,
> dig onedomain.com @pdnsrecursor.server
> 
> pdnsrecursor server will forward query to pdns authoritative if nothing
> comes back then forward to public dns.
> 
> Does it make sense?

As noted by Brian in another answer, why not just use forward-zones to point to
the Auth the requests for the few domains you are responsible for, and for all
the other zones, just use plain recursion, and not use Google Public DNS?

Cheers,

-- 
Nico

> On Fri, Apr 19, 2019 at 5:04 PM Nico CARTRON <nicolas at ncartron.org> wrote:
> 
> > Hello,
> >
> > On 19-Apr-2019 10:48 CEST, <abubin at gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Is it possible to use recursor to forward all queries to pdns
> > > authoritative server and if that query fails, it will forward all to
> > > public DNS such as 8.8.8.8?
> > >
> > > For example, in my pdns, I have created a domain called mydomain.com and
> > > yourdomain.moc.
> > >
> > > So instead of creating:
> > > forward-zones=mydomain=127.0.0.1:5300
> > > forward-zones+=yourdomain.moc=127.0.0.1:5300
> > > forward-zones-recurse=.=8.8.8.8
> > >
> > > I would like to create:
> > > forward-zones-recurse=.=127.0.0.1:5300
> > > forward-zones-recurse+=.=8.8.8.8
> > >
> > > However, tried second method and it does not work. Please advise.
> >
> > Could you explain with more details what you are trying to achieve?
> > Sending all the queries you're receiving from the Recursor to an
> > Authoritative server won't work, as the Auth will only answer for the
> > DNS zones it is Auth for.
> >
> > Google Public DNS is not an Authoritative service, but a recursive one.
> >
> > Also, forward-zones-recurse means you are sending requests to a recursive
> > DNS server
> > (https://doc.powerdns.com/recursor/settings.html#forward-zones-recurse),
> > which your PDNS Authoritative is not - hence the fact that this second
> > method doesn't work.
> >
> > Cheers,
> >
> > --
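
Added example, not part of the original message and not PowerDNS code: a small check that folds the `=` and `+=` lines of the two recursor.conf variants quoted in the thread and flags entries that send recursion-desired or root-zone queries to an authoritative-only server. The `auth_servers` set, the finding names and the sample strings are assumptions made for illustration; a zone listed twice is only reported, without claiming how the Recursor treats it.

```python
import re

RECURSE = {"forward-zones": False, "forward-zones-recurse": True}  # setting -> RD bit set?

# Constructed samples: the two variants quoted in the thread, as recursor.conf text.
FIRST = """forward-zones=mydomain=127.0.0.1:5300
forward-zones+=yourdomain.moc=127.0.0.1:5300
forward-zones-recurse=.=8.8.8.8
"""
SECOND = """forward-zones-recurse=.=127.0.0.1:5300
forward-zones-recurse+=.=8.8.8.8
"""

def forward_entries(conf):
    """Return [(zone, [servers], recurse)] after folding '=' and '+=' lines."""
    merged = {}
    for raw in conf.splitlines():
        m = re.match(r"\s*([a-z-]+)\s*(\+?=)\s*(.*)", raw.split("#", 1)[0])
        if not m or m.group(1) not in RECURSE:
            continue
        name, op, value = m.groups()
        # '+=' appends to the earlier value; a plain '=' replaces it
        merged[name] = merged[name] + "," + value if op == "+=" and name in merged else value
    entries = []
    for name, value in merged.items():
        for item in filter(None, (p.strip() for p in value.split(","))):
            zone, _, targets = item.partition("=")
            zone = zone.strip().lower().rstrip(".") or "."
            servers = [s.strip() for s in targets.split(";") if s.strip()]
            entries.append((zone, servers, RECURSE[name]))
    return entries

def lint(conf, auth_servers):
    """auth_servers: addresses the operator knows are authoritative-only (assumption)."""
    findings, seen = [], set()
    for zone, servers, recurse in forward_entries(conf):
        if zone in seen:
            findings.append(("duplicate-zone", zone))
        seen.add(zone)
        for s in servers:
            if s in auth_servers and recurse:
                findings.append(("rd-query-to-auth", zone))
            if s in auth_servers and zone == ".":
                findings.append(("root-forwarded-to-auth", zone))
    return findings

if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND)):
        print(label, lint(conf, {"127.0.0.1:5300"}))
```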

