[Pdns-users] Powerdns server is not passing Authority parameter
Dedan Irungu
dedanirungu at gmail.com
Tue Jan 19 09:08:15 UTC 2021
I have made the changes request as soon below. The server does not
serve authoritative results.
setLocal('85.10.203.183')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
newServer({address='85.10.203.183:5300', pool='auth'})
newServer({address='85.10.203.183:5301', pool='recursor'})
recursive_ips = newNMG()
recursive_ips:addMask('127.0.0.1/8') -- These network masks are the
ones from allow-recursion in the Authoritative Server
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))
I have tried to target powerdns directly via port 5300 but the result is
the same. Any dig performed on port 5300 should be authoritative but in
this case it is not.
dig @85.10.203.183 gifsitebuilder.com A -p 5300
On Tue, Jan 19, 2021 at 11:51 AM Brian Candler <b.candler at pobox.com> wrote:
> On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote:
>
> recursive_ips:addMask('0.0.0.0/0') -- These network masks are the
> ones from allow-recursion in the Authoritative Server
>
> addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
>
> These two lines together say: "for incoming queries from *any* IP
> addresses: send them to the recursor".
>
> Try changing the first one to something like:
>
> recursive_ips:addMask('192.168.0.0/16 <http://0.0.0.0/0>') --
> netblock containing your local clients
>
> Then queries from 192.168.x.x will go to the recursor, whereas queries
> from any *other* addresses will go to the authoritative server.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210119/b0f1fbb3/attachment.htm>
More information about the Pdns-users
mailing list