[Pdns-users] DNS Forwarding on Master/Slave Servers

Brian Candler b.candler at pobox.com
Sat May 8 18:41:23 UTC 2021


On 08/05/2021 16:14, Steven Garner wrote:
> If I want to provide authoritative dns for several hundred public 
> domains, am I correct that (as of version  4.1.0), I need to install 
> PowerDNS Recursor (v 4.5.X) and dnsdist (v 1.6.X) in addition to 
> PowerDNS Authoritative Server (v 4.4.X), to allow for recursion?  I'm 
> following the migration plan scenario 2 under 
> https://doc.powerdns.com/authoritative/guides/recursion.html 
> <https://doc.powerdns.com/authoritative/guides/recursion.html>.
>
Best practice (regardless of which DNS software you use) is to keep 
authoritative and recursive DNS entirely separate: typically different 
physical servers, or at least separate VMs, and certainly on different 
IP addresses.

That dnsdist guide is if you have no choice but to frig it so that 
recursive and auth DNS *must* be served from the same IP address.  My 
advice is: don't do it.  Either change your clients to point to a 
different recursor IP address, or renumber your authoritative DNS - 
whichever is easier in your environment.



More information about the Pdns-users mailing list