[Pdns-users] Powerdns server is not passing Authority parameter

Dedan Irungu dedanirungu at gmail.com
Tue Jan 19 09:40:42 UTC 2021 

Attached is the powerdns configuration file.



On Tue, Jan 19, 2021 at 12:21 PM <frank+pdns at tembo.be> wrote:

> Hi,
>
> Could you share the configuration of the PDNS Auth server please?
>
> Frank Louwers
> Certified PowerDNS Consultant @ Kiwazo.be
>
> On 19 Jan 2021, at 10:08, Dedan Irungu via Pdns-users <
> pdns-users at mailman.powerdns.com> wrote:
>
> I have made the changes request as soon below. The server does not
> serve authoritative results.
>
>     setLocal('85.10.203.183')
>     setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
>
>     newServer({address='85.10.203.183:5300', pool='auth'})
>     newServer({address='85.10.203.183:5301', pool='recursor'})
>
>     recursive_ips = newNMG()
>     recursive_ips:addMask('127.0.0.1/8') -- These network masks are the
> ones from allow-recursion in the Authoritative Server
>
>     addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
>     addAction(AllRule(), PoolAction('auth'))
>
>
>
> I have tried to target powerdns directly via port 5300 but the result is
> the same. Any dig performed on port 5300 should be authoritative but in
> this case it is not.
>
> dig @85.10.203.183 gifsitebuilder.com A -p 5300
>
>
>
>
> On Tue, Jan 19, 2021 at 11:51 AM Brian Candler <b.candler at pobox.com>
> wrote:
>
>> On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote:
>>
>>      recursive_ips:addMask('0.0.0.0/0') -- These network masks are the
>> ones from allow-recursion in the Authoritative Server
>>
>>      addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
>>
>> These two lines together say: "for incoming queries from *any* IP
>> addresses: send them to the recursor".
>>
>> Try changing the first one to something like:
>>
>>     recursive_ips:addMask('192.168.0.0/16 <http://0.0.0.0/0>')   --
>> netblock containing your local clients
>>
>> Then queries from 192.168.x.x will go to the recursor, whereas queries
>> from any *other* addresses will go to the authoritative server.
>>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
> Frank Louwers
> PowerDNS Certified Consultant @ Kiwazo.be
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210119/b7554588/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdns.conf
Type: application/octet-stream
Size: 17277 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210119/b7554588/attachment-0001.obj>

More information about the Pdns-users mailing list