[Pdns-users] pdns+dnsdist doesn't act like authoritative server

Ted Fines Ted at odc.vu
Mon Jul 20 05:55:32 UTC 2020


I should clarify what exactly happens.  When I execute a 'dig', I see the Question and the Authority section (which is the .vu TLD authority) but nothing in the Answer section.  When I was only using pdns, without the recursor and dnsdist, the Answer section was populated.

# dig @localhost dom01.vu

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> @localhost dom01.vu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20206
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dom01.vu.                      IN      A

;; AUTHORITY SECTION:
vu.                     1562    IN      SOA     ns1.neustar.vu. hostmaster.neustar.biz. 1595043109 1800 300 1814400 1800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 20 07:53:40 CEST 2020
;; MSG SIZE  rcvd: 107



From: Pdns-users [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Ted Fines via Pdns-users
Sent: Monday, July 20, 2020 4:32 PM
To: Pdns-users at mailman.powerdns.com
Subject: [Pdns-users] pdns+dnsdist doesn't act like authoritative server

System: Ubuntu 18.04
Pdns 4.1.13
Dnsdist - 1.2.1 (Lua 5.2.4)
Pdns-recursor 4.1.1

I set up only pdns at first, and made a fake domain, and when I'd query it, pdns would answer correctly, like an authoritative server.

But then after configuring dnsdist and pdns-recursor, it doesn't seem to think it is the authoritative server any more.  I followed the guide at https://docs.powerdns.com/authoritative/guides/recursion.html.  What am I missing?

Here are my config files:
/etc/powerdns/pds.conf:
# PowerDNS configuration file
# Replace ns1.example.com with your primary nameserver's hostname
default-soa-name=vanuatu.mywire.org
include-dir=/etc/powerdns/pdns.d
launch=
security-poll-suffix=
setgid=pdns
setuid=pdns

api=yes
# Replace <RANDOM_KEY> with a randomly generated key for API access
api-key=30daysinjune
master=yes
slave=no

webserver=yes
webserver-address=127.0.0.1
webserver-allow-from=113.11.246.207,127.0.0.1

local-address=127.0.0.1
local-port=5300

/etc/powerdns/recursor.conf:
local-address=127.0.0.1
local-port=5301
forward-zones=dom01.vu=127.0.0.1:5300
config-dir=/etc/powerdns
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d

local-address=127.0.0.1

quiet=yes

security-poll-suffix=
setgid=pdns
setuid=pdns

/etc/dnsdist/dnsdist.conf
---------------------------------
setLocal('78.46.186.16')
addLocal('127.0.0.1')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access

newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:5301', pool='recursor'})

recursive_ips = newNMG()
recursive_ips:addMask('113.11.0.0/16') -- These network masks are the ones from allow-recursion in the Authoritative Server
recursive_ips:addMask('127.0.0.1/32') -- These network masks are the ones from allow-recursion in the Authoritative Server

addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))






Protected by CyberHound Appliance<http://cyberhound.com/>
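
Added example (not part of the original message and not PowerDNS code): a small Python probe that sends the A query for dom01.vu to each listener named in the configs above (dnsdist on 127.0.0.1:53, pdns on 5300, the recursor on 5301) and decodes the header flags, so the hop where the aa bit and the answer disappear can be seen. The function names are hypothetical; the ports and the query name are taken from the post.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Listeners from the posted configs: dnsdist addLocal('127.0.0.1'), pdns, recursor.
HOPS = [("dnsdist", 53), ("pdns auth", 5300), ("pdns-recursor", 5301)]

def build_query(name, qtype=1, qid=0x1234):
    """Encode a minimal DNS query (RD set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields dig prints."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {
        "aa": bool(flags & 0x0400),   # answer came from an authoritative server
        "ra": bool(flags & 0x0080),   # responder offers recursion
        "rcode": RCODES.get(rcode, str(rcode)),
        "answers": an,
        "authority": ns,
    }

def classify(hdr):
    """Say which kind of backend produced the response."""
    if hdr["aa"]:
        return "authoritative"
    return "recursor" if hdr["ra"] else "unknown"

def probe(host, port, name, timeout=2.0):
    """Send one UDP query and return the parsed response header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (host, port))
        data, _ = s.recvfrom(4096)
    return parse_header(data)

if __name__ == "__main__":
    for label, port in HOPS:
        try:
            h = probe("127.0.0.1", port, "dom01.vu")
            print(f"{label:14} :{port:<5} {classify(h):13} {h}")
        except OSError as exc:  # timeout or nothing listening on that port
            print(f"{label:14} :{port:<5} no response ({exc})")
```

The dig output in the message (flags qr rd ra, status NXDOMAIN) classifies as "recursor", so the query was handed to the recursor pool and not answered by pdns directly.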
