[Pdns-users] AXFR Zone Transfer Problem
Brian Candler
b.candler at pobox.com
Fri Jan 8 21:28:04 UTC 2021
On 08/01/2021 21:04, Ralph via Pdns-users wrote:
> Is it possible to put the pdns-auth in front, so that every request for which we are not responsible for gets forwarded to the pdns-recursor?
No, that's not possible.
As I said before, they are doing different jobs. Bind the two processes
to different IP addresses, and preferably put them in separate
containers or VMs.
Your recursor is only used by your internal clients. It can go on a
private IP address, and make outbound queries via NAT if necessary.
You'll want two of them for redundancy.
Your auth server is only contacted by other recursors. It will want a
public IP address to be queried from outside (unless you are serving
entirely private domains). You'll want at least two for redundancy, but
at least one must be off-site on a different network - see RFC 2182.
More information about the Pdns-users
mailing list