[Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9
Yves Goergen
nospam.list at unclassified.de
Tue Jun 23 18:07:22 UTC 2020
Hello,
I'm preparing the upgrade from an old server to current software. One
of the changes is that PowerDNS Auth and Recursor are upgraded from
4.0.9 to 4.2.1 from Ubuntu 20.04. While checking my old config files, I
was surprised to find that the documentation just silently says the
recursor option is no longer supported on the auth server. I hadn't seen
any hint of this breaking change in the release notes!
So I've read the migration guide
<https://doc.powerdns.com/authoritative/guides/recursion.html> and am
left clueless. In scenario 2, Dan Bernstein seems to explain why it's a
bad idea to run auth and recursor on the same host/IP address. I don't
understand what he writes so I can't use it and need to continue the
case "this is not possible" in the guide. I'm not getting any wiser by
looking at the picture that's shown there.
I have only one server and one IPv4 address, so using a multi-IP setup
just isn't possible. With the decreased availability of IPv4 addresses,
this isn't realistic either.
The guide suggests installing yet another software, dnsdist. A load
balancer that seems to be "abused" for this compat scenario. I don't
need load balancing, I only have a single server. This sounds like an
additional potential point of failure. And the suggested dnsdist config
isn't really helpful. It contains what looks like placeholders and I'm
not sure what to put in there.
It seems like I have to tell dnsdist what client IP addresses or queried
names should go to which of the two instances, auth or recursor. Now I
have a hundred IPv6 addresses and as many domains - subdomains not
included. They're all listed in the auth server's database. And the
whole setup is pointless if I have to repeat the contents from the
database in a static config file.
And if local clients (which are allowed for recursion) never land on the
auth server, they cannot resolve local names! That sounds a bit stupid
to me.
So how is this supposed to work? Can I still use PowerDNS or will I have
to find another solution that has the same features as PowerDNS 4.0.9?
I'm feeling like the most basic one-server environment has just been
forgotten.
-Yves
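The dnsdist split the migration guide alludes to, written out as an added example (this is not from the original post, the guide, or the PowerDNS project, and the addresses, ports and zone name are assumptions): dnsdist owns the single public address on port 53, the authoritative server and the recursor each listen on a loopback port, and dnsdist routes by source address rather than by queried name, so the auth server's zone list never has to be copied into a static file.

```lua
-- dnsdist.conf (example, not from the original post; all addresses are assumed)
-- dnsdist is the only process bound to the public address on port 53.
setLocal("203.0.113.10:53")

-- Accept queries from anywhere; the routing below decides who answers.
setACL({"0.0.0.0/0", "::/0"})

-- Backends on loopback. The auth server is assumed to run with
-- local-address=127.0.0.1 local-port=5300, the recursor with
-- local-address=127.0.0.1 local-port=5301.
newServer({address="127.0.0.1:5300", pool="auth"})
newServer({address="127.0.0.1:5301", pool="recursor"})

-- Clients that are allowed to recurse (assumed LAN ranges).
recursive_clients = newNMG()
recursive_clients:addMask("192.168.0.0/16")
recursive_clients:addMask("2001:db8::/32")

-- Local clients go to the recursor; everyone else only ever reaches the
-- authoritative server, which is the behaviour the removed recursor= option
-- used to provide inside one process.
addAction(NetmaskGroupRule(recursive_clients), PoolAction("recursor"))
addAction(AllRule(), PoolAction("auth"))
```

Local names still resolve for local clients because the recursor, not dnsdist, is told where the authoritative data lives: a `forward-zones=example.org=127.0.0.1:5300` line in recursor.conf (zone name assumed) sends that zone's lookups to the auth backend, and any zone not listed there is simply resolved recursively through the public delegation, which points at the same public address and therefore lands on the auth pool.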