[Pdns-users] AXFR Zone Transfer Problem

Kenneth Marshall ktm at rice.edu
Fri Jan 8 17:00:28 UTC 2021


On Fri, Jan 08, 2021 at 04:47:29PM +0000, Ralph via Pdns-users wrote:
> Hi Brian,
> 
> Thank you for the fast response.
> Exactly, recursor runs on port 53. Pdns-auth runs on the same ip with port 5300.
> 
> Is this even possible to add a port to the master ip on the slave?
> 
> As I understood it correctly I require the recursor.
> It isn’t possible to do recursion with the pdns-with, right?
> 
> 
> BR
> Chris

Hi Chris,

Here are our basic NAT iptables rules to handle this here:

######################################################################
# Allow Rice hosts to access the recursive name server on port 53.
# Pass non-Rice hosts to authoritative name server on port 553.
######################################################################

*nat
:DNS-ROUTE - [0:0]

## We will only affect in-coming traffic to port 53:
-A PREROUTING -p udp --dport 53 -j DNS-ROUTE
-A PREROUTING -p tcp --dport 53 -j DNS-ROUTE

## Let Rice hosts access the recursor (on port 53):
-A DNS-ROUTE -s 128.42.0.0/16    -j ACCEPT

## Divert all others to the authoritative server on port 553:
-A DNS-ROUTE -p udp -m udp -j DNAT --to-destination :553
-A DNS-ROUTE -p tcp -m tcp -j DNAT --to-destination :553

COMMIT


Regards,
Ken
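
An added example, not part of the original message: one way to check from a given source address which server the NAT rules above delivered a port-53 query to, by reading the RA (recursion available) and AA (authoritative answer) bits of the reply header. The function names and sample packets are constructed for illustration, and it assumes the authoritative server never sets RA.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (class IN) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(packet):
    """Say which kind of server answered, judging by the header flags only."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    flags = struct.unpack("!H", packet[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    if flags & RA:
        return "recursor"        # server offers recursion to this client
    if flags & AA:
        return "authoritative"   # answered from its own zone data
    return "unknown"             # e.g. REFUSED for a zone it does not host

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query to server:port and classify whoever replied."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        reply, _ = s.recvfrom(4096)
    return classify_response(reply)

# Constructed header-only sample replies (not captured traffic).
SAMPLE_RECURSOR = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, QR | AA | RD, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in [("inside", SAMPLE_RECURSOR), ("outside", SAMPLE_AUTH)]:
        print(label, "->", classify_response(pkt))
```

Run `probe()` once from a host inside the allowed source range and once from outside it; a "recursor" result from outside means the ACCEPT rule matched a source it should not have.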

