[Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9

Yves Goergen nospam.list at unclassified.de
Tue Jun 23 18:07:22 UTC 2020


I'm preparting the upgrade from an old server to current software. One 
of the changes is that PowerDNS Auth and Recursor are upgraded from 
4.0.9 to 4.2.1 from Ubuntu 20.04. While checking my old config files, I 
was surprised to find that the documentation just silently says the 
recursor option is no longer supported on the auth server. I hadn't seen 
any hint of this breaking change in the release notes!

So I've read the migration guide 
<https://doc.powerdns.com/authoritative/guides/recursion.html> and am 
left clueless. In scenario 2, Dan Bernstein seems to explain why it's a 
bad idea to run auth and recursor on the same host/IP address. I don't 
understand what he writes so I can't use it and need to continue the 
case "this is not possible" in the guide. I'm not getting any wiser by 
looking at the picture that's shown there.

I have only one server and one IPv4 address, so using a multi-IP setup 
just isn't possible. With the decreased availability of IPv4 addresses, 
this isn't realistic either.

The guide suggests installing yet another software, dnsdist. A load 
balancer that seems to be "abused" for this compat scenario. I don't 
need load balancing, I only have a single server. This sounds like an 
additional potential point of failure. And the suggested dnsdist config 
isn't really helpful. It contains what looks like placeholders and I'm 
not sure what to put in there.

It seems like I have to tell dnsdist what client IP addresses or queried 
names should go to which of the two instances, auth or recursor. Now I 
have a hundred IPv6 addresses and as many domains - subdomains not 
included. They're all listed in the auth server's database. And the 
whole setup is pointless if I have to repeat the contents from the 
database in a static config file.

And if local clients (which are allowed for recursion) never land on the 
auth server, they cannot resolve local names! That sounds a bit stupid 
to me.

So how is this supposed to work? Can I still use PowerDNS or will I have 
to find another solution that has the same features as PowerDNS 4.0.9?

I'm feeling like the most basic one-server environment has just been 


More information about the Pdns-users mailing list