[Pdns-users] Superslave behind dnsdist...

[Chris Hellyar]

Hi-ho,

I'm using powerdns 4.0 (ubuntu 16.04) in a company network with a few
sites running two superslaves each for internal zones on pdns_server and
using recusor= pointing at a local pdns_recusor to get public recursion.

I'd like to upgrade to 4.1 (ubuntu 18.04) but I'm having problems with
the new recursor in front of the slave scenario, and was wondering if
anyone can point me in the right direction.

Essentially I have dnsdist set up, per
https://dnsdist.org/advanced/axfr.html to pass notifies through to the
slave, and the recursor has some forward-zones entries..

The problem is the SOA lookup a super slave does when a notify is passed
through from dnsdist...

The notify originates from the hidden master, dnsdist passes it to the
slave, the slave sees the packet coming from the dnsdist IP, which I've
set as a super-master IP for the slave, but then the slave does an SOA
lookup to the dnsdist IP, which fails.  Normally the superslave does the
SOA to the hidden master, which responds and and then the slave kicks
the AXFR.

I'm building this up in docker so I can distribute it easily around the
network / sites and happy to share all the details of my test setup, but
I figured someone else might have solved this problem already as it must
be a common problem for powerdns on company / internal networks,  but my
Google-foo so far has let me down. :-)

Cheers, Chris H.



-- 
This Communication is Confidential. We only send and receive email on the

basis of the terms set out at www.taitradio.com/email_disclaimer 
<http://www.taitradio.com/email_disclaimer>