[Pdns-users] DNS Forwarding on Master/Slave Servers
Brian Candler
b.candler at pobox.com
Sat May 8 18:41:23 UTC 2021
On 08/05/2021 16:14, Steven Garner wrote:
> If I want to provide authoritative dns for several hundred public
> domains, am I correct that (as of version 4.1.0), I need to install
> PowerDNS Recursor (v 4.5.X) and dnsdist (v 1.6.X) in addition to
> PowerDNS Authoritative Server (v 4.4.X), to allow for recursion? I'm
> following the migration plan scenario 2 under
> https://doc.powerdns.com/authoritative/guides/recursion.html
> <https://doc.powerdns.com/authoritative/guides/recursion.html>.
>
Best practice (regardless of which DNS software you use) is to keep
authoritative and recursive DNS entirely separate: typically different
physical servers, or at least separate VMs, and certainly on different
IP addresses.
That dnsdist guide is if you have no choice but to frig it so that
recursive and auth DNS *must* be served from the same IP address. My
advice is: don't do it. Either change your clients to point to a
different recursor IP address, or renumber your authoritative DNS -
whichever is easier in your environment.
More information about the Pdns-users
mailing list