[Pdns-users] pdns forward nested recurse possible?

Nico CARTRON nicolas at ncartron.org
Fri Apr 19 10:16:57 UTC 2019


On 19-Apr-2019 12:10 CEST, <abubin at gmail.com> wrote:

> That means the way to go is what I stated initially. That is using
> pdns-recursor to forward "known" domains to authoritative server. The rest
> will be forward with recursive to public dns, right?

Not "forwarded" (which has a special meaning in DNS), rather "sent" to the
public DNS system (i.e. recursion to the Root servers, then (cc)TLD, ...)

But yes, correct.


Cheers,

-- 
Nico

> On Fri, Apr 19, 2019 at 5:48 PM Nico CARTRON <nicolas at ncartron.org> wrote:
> 
> > On 19-Apr-2019 11:44 CEST, <abubin at gmail.com> wrote:
> >
> > > How do I do plain recursion with only pdns installed? AFAIK, the new
> > > version of pdns does not support recursor anymore. Or maybe I am missing
> > > something?
> >
> > I think you're confusing things :)
> >
> > You're probably referring to the fact that the Authoritative server does
> > not
> > provide recursion anymore - this is true.
> >
> > But in your case, the server doing the recursion would be the PowerDNS
> > Recursor,
> > which of course will always provide DNS Recursion, since that its main
> > goal in
> > life ;)
> >
> > Cheers,
> >
> > --
> > Nico
> >
> > > On Fri, Apr 19, 2019 at 5:32 PM Nico CARTRON <nicolas at ncartron.org>
> > wrote:
> > >
> > > > Hi,
> > > >
> > > > On 19-Apr-2019 11:21 CEST, <abubin at gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I am just trying to have something simple.
> > > >
> > > > well, I do believe you are complicating something which should be
> > simple ;)
> > > >
> > > > > When a client query the pdns recursor server, it will first look at
> > it's
> > > > > authoritative pdns domains. If non of the domains being queried is in
> > > > > authoritative then it will shoot to public dns for recurvise query.
> > > > >
> > > > > EG,
> > > > > dig onedomain.com @pdnsrecursor.server
> > > > >
> > > > > pdnsrecursor server will forward query to pdns authoritative if
> > nothing
> > > > > comes back then forward to public dns.
> > > > >
> > > > > Does it make sense?
> > > >
> > > > As noted by Brian in another answer, why not just use forward-zones to
> > > > point to
> > > > the Auth the requests for the few domains you are responsible for, and
> > for
> > > > all
> > > > the other zones, just use plain recursion, and not use Google Public
> > DNS?
> > > >
> > > > Cheers,
> > > >
> > > > --
> > > > Nico
> > > >
> > > > > On Fri, Apr 19, 2019 at 5:04 PM Nico CARTRON <nicolas at ncartron.org>
> > > > wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > On 19-Apr-2019 10:48 CEST, <abubin at gmail.com> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Is it possible to use recursor to forward all queries to pdns
> > > > > > authoritative
> > > > > > > server and if that query fails, it will forward all to public DNS
> > > > such as
> > > > > > > 8.8.8.8?
> > > > > > >
> > > > > > > For example, in my pdns, I have create a domain called
> > mydomain.com
> > > > and
> > > > > > > yourdomain.moc.
> > > > > > >
> > > > > > > So instead of creating:
> > > > > > > forward-zones=mydomain=127.0.0.1:5300
> > > > > > > forward-zones+=yourdomain.moc=127.0.0.1:5300
> > > > > > > forward-zones-recurse=.=8.8.8.8
> > > > > > >
> > > > > > > I would like to create:
> > > > > > > forward-zones-recurse=.=127.0.0.1:5300
> > > > > > > forward-zones-recurse+=.=8.8.8.8
> > > > > > >
> > > > > > > However, tried second method and it does not work. Please advise.
> > > > > >
> > > > > > Could you explain with more details what you are trying to achieve?
> > > > > > Sending all the queries you're receiving from the Recursor to an
> > > > > > Authoritative
> > > > > > server wont' work, as the Auth will only answer for the DNS zones
> > it is
> > > > > > Auth
> > > > > > for.
> > > > > >
> > > > > > Google Public DNS is not an Authoritative service, but a recursive
> > one.
> > > > > >
> > > > > > Also, forward-zones-recurse means you are sending requests to a
> > > > recursive
> > > > > > DNS
> > > > > > server (
> > > > > >
> > https://doc.powerdns.com/recursor/settings.html#forward-zones-recurse
> > > > ),
> > > > > > which your PDNS Authoritative is not - hence the fact that this
> > second
> > > > > > method
> > > > > > doesn't work.
> > > > > >
> > > > > > Cheers,


More information about the Pdns-users mailing list