[Pdns-users] How to set up pdns to allow NOTIFY, supermaster, and recursion to work?

Steve Shipway steve.shipway at smxemail.com
Mon Nov 4 22:07:04 UTC 2019

On Mon, 2019-11-04 at 07:44 +0000, Brian Candler wrote:
> > I've tried adding a second IP to the DNS server and placing the
> > resolver on that, so that I can set up notify to send to this as an
> > additional IP, but this again breaks and becomes problematic as we
> > then have 2 IPs for a single nameserver.
> That's basically what you need to do with pdns.
> In large ISP deployments, with thousands or millions of domains,
> combining recursor and resolver results in major problems.  Hence pdns
> decided to stop supporting such configurations entirely.
> In small enterprise deployments, where you control the clients as well
> as the domains, a combined setup may work acceptably well. But
> personally I'd keep them separate even in the smallest of deployments.

Thanks for the reply.

The problems with having two IP addresses are that then I need two IPs going through all the various firewalls (more trouble for setup and migration), plus, which do you use for the zone NS records?  You have to have something like ns0, ns1 pointing to the recursor (for clients to use) and ns0a ns1a in the NS records pointing to the resolver...  You end up with a different IP for the clients to use from the one the NS records use, and queries could be coming in to either.

I can see why an ISP, handling many queries and needing huge scale, would want to do this; but it is a horrible amount of complexity for small organisations that just want the benefit of the API and are otherwise fine with bind running on a small linux VM.  It would have been better to have had the option to run in split mode (for large ISPs) or combined mode (for small organisations) rather than just supporting large setups only.

Is there a document somewhere detailing how to set up pdns/recursor+resolver+dnsdist to replace a simple bind server with a couple of primary and secondary zones?  I have seen this ( https://doc.powerdns.com/authoritative/guides/recursion.html ) which recommends using a different port but, as mentioned before, this causes notify and supermaster to break.  I've considered installing 4.0 (which apparently can still do it all in one) but that would be a dead-end.

I appreciate any help with this, powerdns has great features and API integration but is a lot more complex to configure than bind...


Steve Shipway | Senior Email Systems Administrator 
Phone: +64 9 302 0515 Fax: +64 9 302 0518 
Freephone: 0800 SMX SMX (769 769) 
SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand 
Web: http://smxemail.com 


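The layout the thread circles around (authoritative server on a non-53 port, recursor beside it, dnsdist owning the single public address) can be made to carry NOTIFY correctly if the front end routes by opcode and zone rather than sending everything to the recursor. The dnsdist configuration below is an added example for this list post, not something from the thread or from the PowerDNS project's documentation; the addresses, ports, pool names and zone names are assumptions, and the backend ports must match the `local-port` settings of the two PowerDNS daemons.

```lua
-- dnsdist.conf (added example, not from the thread; addresses, ports,
-- pool names and zone names are assumed values for illustration)

-- dnsdist is the only process listening on the public address and port 53.
-- Clients, primaries and secondaries all talk to this one IP, so the NS
-- records and the client resolver setting point at the same address.
setLocal("192.0.2.53:53")

-- Backends on loopback: PowerDNS Authoritative with local-port=5300 and
-- PowerDNS Recursor with local-port=5301 (assumed ports).
newServer({address="127.0.0.1:5300", pool="auth",     name="pdns-auth"})
newServer({address="127.0.0.1:5301", pool="recursor", name="pdns-recursor"})

-- The ACL is checked before any rule, so it must admit the client networks
-- that may recurse AND the remote primaries/secondaries that send NOTIFY or
-- request AXFR/IXFR. Anything outside it gets no answer at all, which keeps
-- the recursor from being an open resolver on the public address.
setACL({"192.0.2.0/24", "2001:db8::/32", "127.0.0.0/8",
        "198.51.100.10/32"})   -- assumed address of the remote peer nameserver

-- 1. NOTIFY is not a query: steer every NOTIFY to the authoritative server
--    so secondary zones refresh and supermaster provisioning sees it.
addAction(OpcodeRule(DNSOpcode.Notify), PoolAction("auth"))

-- 2. Queries for zones this host serves go to the authoritative server,
--    including AXFR/IXFR from secondaries (these arrive over TCP).
local ourZones = newSuffixMatchNode()
ourZones:add(newDNSName("example.com"))         -- assumed zone
ourZones:add(newDNSName("example.org"))         -- assumed zone
ourZones:add(newDNSName("2.0.192.in-addr.arpa")) -- assumed reverse zone
addAction(SuffixMatchNodeRule(ourZones), PoolAction("auth"))

-- 3. Everything else is client recursion.
addAction(AllRule(), PoolAction("recursor"))
```

One check worth making after deploying this: the authoritative server now sees NOTIFY and AXFR requests arriving from dnsdist's loopback address rather than from the remote primary, so its `allow-notify-from` / `allow-axfr-ips` settings and any supermaster entry keyed on the primary's IP must be reviewed against what actually arrives (inspect the auth log for the source address it records). Newer dnsdist and Authoritative releases can pass the original client address through with `useProxyProtocol=true` on `newServer` and `proxy-protocol-from` on the auth side; whether that applies depends on the versions in use.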

