[Pdns-users] Overlay or pass-through support in PDNS?
Winfried Angele
abang at t-ipnet.net
Wed Aug 3 06:53:11 UTC 2022
Hi Eli,
On 03.08.22 01:43, eli glynn via Pdns-users wrote:
> I've recently inherited a really ugly mess at my company, involving a
> muddle of PowerDNS, Route53, NS1, and just about every mixed up
> interaction you could imagine between them all.
>
> The biggest part of the jumble is the way PowerDNS was used as a
> poor man's split horizon - we have a large number of records which point
> at internal (e.g. 10.x) ranges, with duplicate entries in Route53 AND/OR
> NS1 (don't ask) usually pointing at routable IPs. There's a lot of
> badness beyond just that, but the majority of my pain is from that basic
> situation.
>
> Because the client systems are pointed at PDNS, and it considers itself
> authoritative, we're forced to duplicate ALL external records

Not sure if I got that right, but "clients" may only ask a Resolver
(PowerDNS Recursor) and never an Auth (PowerDNS Authoritative).

> (overridden or not) within PDNS, or NXDOMAINs result. This of course
> leads to two (or sometimes three) sources of truth for all RRs, and
> historically the needed due diligence has not been performed to keep
> them in sync.
>
> Long story short, in order to clean up the mess, I'm hoping to implement
> an "overlay" in PowerDNS, whereby PDNS only contains the RRs which it
> needs to override. If a record would normally be identical to the
> external value (Route53 or NS1) then rather than duplicating it, I'd
> like PowerDNS to fail through and do a recursive lookup externally,
> returning that value to the client. So basically, if an NXDOMAIN or
> NODATA would be returned for a zone PDNS considers itself authoritative
> for, it instead recurses and emits whatever comes back from there.
>
> It seems this should be doable using a `postresolve()` hook, or even
> better `nxdomain()` combined with `nodata()` to minimize Lua
> roundtrips. But I'm having a heckuva time implementing the recursion
> part. I can't find any canned tooling within Lua to do something
> theoretically simple (e.g. what in python you'd do with `import socket ;
> return socket.gethostbyname("blah")`). I've also considered writing a
> custom backend but would prefer to keep things simple if at all possible
>
> I know this is an unusual use-case (though I can see where such an
> "overlay" could be very useful in a number of scenarios).
>
> Any feedback would be appreciated - suggestions, alternate approaches,
> or even a flat "you can't do that in PowerDNS" if such is the case - it
> will save me a lot of cycles if so :)

What about Recursor's "forward-zones" or "forward-zones-file" features?
This way you could forward queries for your internal Domain Names to
your internal Authoritative Nameserver.
https://doc.powerdns.com/recursor/settings.html#forward-zones
https://doc.powerdns.com/recursor/settings.html#forward-zones-file
Winfried
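
The forwarding setup suggested in the reply above, as an added configuration sketch that is not part of the original message or the PowerDNS documentation. All zone names, addresses, the port and the file path are constructed placeholders; it assumes the internal Authoritative server listens on 10.0.0.53:5300 and holds only the internal or overridden records.

```ini
# --- recursor.conf (constructed example; all values are placeholders) ---
# Clients are pointed at the Recursor, never at the Authoritative server.
local-address=10.0.0.2
# Only internal clients may use this resolver.
allow-from=10.0.0.0/8
# Zones listed in this file go to the internal Authoritative server;
# every other name is resolved through normal recursion.
forward-zones-file=/etc/powerdns/forward-zones.conf

# --- /etc/powerdns/forward-zones.conf (constructed example) ---
# One zone per line, in the form zone=server[:port].
# No '+' prefix: the target is queried as an authoritative server,
# without the recursion-desired bit.
# Internal-only zone and the reverse zone for the 10.x ranges:
internal.corp.example=10.0.0.53:5300
10.in-addr.arpa=10.0.0.53:5300
# A single overridden name (assumption: the internal Authoritative
# server answers authoritatively for this name). All other names under
# corp.example keep resolving through the public nameservers.
app.corp.example=10.0.0.53:5300
```

With this layout the internal server carries only the records that differ from the external ones, and the Recursor decides per zone or name which source to ask.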