[Pdns-users] pdns forward nested recurse possible?

Gert van Dijk gertvdijk+pdns-users at gmail.com
Fri Apr 19 10:03:42 UTC 2019


On Fri, Apr 19, 2019 at 11:44 AM abubin <abubin at gmail.com> wrote:

> How do I do plain recursion with only pdns installed? AFAIK, the new
> version of pdns does not support recursor anymore. Or maybe I am missing
> something?
>

Nico and Brian are referring to running PowerDNS Recursor without any
'forward-zones-recurse' settings. Without the forward for '.' it will be an
actual recursor on its own.

A broader view/advice on your messages:
I believe this thread and your other one (subject "Problem with DNSSEC from
bind to powerdns") all boil down to trying to set up a custom
internal-only domain on a public TLD, which is really hard in a public
system like DNS - especially with DNSSEC involved, you can't really fool
clients any longer. Depending on your situation, you may want to consider
moving to a domain that's actually public (what are you afraid of
actually?). If you really need to hide stuff from the outside world, you
could be creative with delegation on a subdomain, e.g. corp.mydomain.com
delegates to an internal-only visible authoritative server. People from the
outside would then only see the zone below corp.mydomain.com exists, but
cannot query it, receiving SERVFAILs. Your internal recursors can resolve
them and you can even set up DNSSEC to work with it, which may or may not
be useful in such an internal-only domain anyway.

HTH
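
Added example, not part of the original message and not PowerDNS project code: a small audit that reads an old-style key=value recursor.conf and reports whether the Recursor does plain recursion (no forward for '.') and where the internal-only subdomain is sent. The sample configs and the addresses 10.0.0.53, 10.0.0.54 and 192.0.2.1 are constructed placeholders; treating '#' anywhere on a line as a comment start is an assumption of this sketch.

```python
def parse_settings(conf_text):
    """Parse 'key=value' lines; 'key+=value' appends to an existing list setting."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):                  # incremental form: setting+=value
            key = key[:-1].strip()
            prev = settings.get(key, "")
            value = f"{prev},{value}" if prev else value
        settings[key] = value
    return settings

def forwards(settings):
    """Return {zone: (servers, recurse)} from both forward settings."""
    out = {}
    for key, recurse_default in (("forward-zones", False),
                                 ("forward-zones-recurse", True)):
        for entry in settings.get(key, "").split(","):
            zone, sep, servers = entry.strip().partition("=")
            if not sep:
                continue
            # a '+' prefix in forward-zones also asks the target to recurse
            recurse = recurse_default or zone.startswith("+")
            zone = zone.lstrip("+").strip().lower()
            zone = zone if zone == "." else zone.rstrip(".")
            out[zone] = ([s.strip() for s in servers.split(";")], recurse)
    return out

def audit(conf_text, internal_zone):
    """Classify the config and show how the internal zone is handled."""
    fwd = forwards(parse_settings(conf_text))
    servers, recurse = fwd.get(internal_zone.lower().rstrip("."), (None, None))
    return {"mode": "forwarder" if "." in fwd else "recursor",
            "internal_servers": servers, "internal_recurse": recurse}

SPLIT_HORIZON = """\
# constructed sample: no forward for '.', public names are resolved by recursion
forward-zones=corp.mydomain.com=10.0.0.53;10.0.0.54
"""
FORWARD_ALL = """\
# constructed sample: every query is handed to an upstream resolver
forward-zones-recurse=.=192.0.2.1
forward-zones+=corp.mydomain.com=10.0.0.53
"""

if __name__ == "__main__":
    for name, conf in (("split-horizon", SPLIT_HORIZON), ("forward-all", FORWARD_ALL)):
        print(name, audit(conf, "corp.mydomain.com"))
```

A result of `mode == "recursor"` with `internal_recurse == False` matches the layout described in the message: the internal zone is forwarded to its authoritative servers while everything else is resolved by recursion.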