[Pdns-users] problem with 4.1.0 recursion removed

Brian Candler b.candler at pobox.com
Sun Aug 11 17:34:24 UTC 2019


On 11/08/2019 18:12, Tom Ivar Helbekkmo wrote:
> Hmm.  Might it also work to do something really simple involving more
> than one recursor?  If the primary recursor had something like this:
>
> forward-zones-recurse=e164.arpa=10.0.0.11;1.1.1.1
>
> ...and the one at 10.0.0.11 then had:
>
> forward-zones=e164.arpa=10.0.0.12
>
> ...with 10.0.0.12 being the local "authoritative" server for e164.arpa,
> might then a number end up first being looked up on 10.0.0.12, and then,
> if that failed, using 1.1.1.1?  I guess it's possible that 10.0.0.11
> would need a Lua hack to transform a NXDOMAIN into some sort of failure,
> to cause the primary recursor to go to 1.1.1.1 (or a third local
> recursor, if you prefer, of course).

Ergh.  Using "failures" like that means you can't handle real failures 
properly, to build redundancy into your setup.

It sounds like what you want is a custom authoritative DNS server which 
does a local database dip, and if it doesn't find the answer there, 
sends to a recursive server instead. dnsdist 
<https://dnsdist.org/rules-actions.html> is the tool to look at.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190811/bd672885/attachment.html>


More information about the Pdns-users mailing list