[Pdns-users] Overlay or pass-through support in PDNS?

abang at t-ipnet.net abang at t-ipnet.net
Thu Aug 4 20:11:48 UTC 2022


Hi Eli,

To keep it simple, you could implement the solution outside the DNS server by generating the different zones from a unified source that contains both pieces of information about each RR.

Winfried 


On 3 August 2022 01:43:38 CEST, eli glynn via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>I've recently inherited a really ugly mess at my company, involving a
>muddle of PowerDNS, Route53, NS1, and just about every mixed up interaction
>you could imagine between them all.
>
>The biggest part of the jumble is the way PowerDNS was used as a poor man's
>split horizon - we have a large number of records which point at internal
>(e.g. 10.x) ranges, with duplicate entries in Route53 AND/OR NS1 (don't
>ask) usually pointing at routable IPs.  There's a lot of badness beyond
>just that, but the majority of my pain is from that basic situation.
>
>Because the client systems are pointed at PDNS, and it considers itself
>authoritative, we're forced to duplicate ALL external records (overridden
>or not) within PDNS, or NXDOMAINs result.  This of course leads to two (or
>sometimes three) sources of truth for all RRs, and historically the needed
>due diligence has not been performed to keep them in sync.
>
>Long story short, in order to clean up the mess, I'm hoping to implement an
>"overlay" in PowerDNS, whereby PDNS only contains the RRs which it needs to
>override.  If a record would normally be identical to the external value
>(Route53 or NS1) then rather than duplicating it, I'd like PowerDNS to fail
>through and do a recursive lookup externally, returning that value to the
>client.  So basically, if an NXDOMAIN or NODATA would be returned for a
>zone PDNS considers itself authoritative for, it instead recurses and emits
>whatever comes back from there.
>
>It seems this should be doable using a `postresolve()` hook, or even better
>`nxdomain()` combined with `nodata()` to minimize Lua roundtrips.  But I'm
>having a heckuva time implementing the recursion part.  I can't find any
>canned tooling within Lua to do something theoretically simple (e.g. what
>in python you'd do with `import socket ; return
>socket.gethostbyname("blah")`).  I've also considered writing a custom
>backend but would prefer to keep things simple if at all possible.
>
>I know this is an unusual use-case (though I can see where such an
>"overlay" could be very useful in a number of scenarios).
>
>Any feedback would be appreciated - suggestions, alternate approaches, or
>even a flat "you can't do that in PowerDNS" if such is the case - it will
>save me a lot of cycles if so :)
>
>Thanks all!
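
The approach suggested in the reply (generate every view from one source), sketched as an added example that is not code from the thread or from PowerDNS. The record layout, the `public`/`internal` field names and the sample addresses are assumptions made for illustration; the generator also refuses to place an RFC 1918 address in the public view.

```python
import ipaddress

# Constructed sample source: one entry per RR, with the public value and,
# only where the internal view must differ, an internal override.
UNIFIED = [
    {"name": "www",  "type": "A",     "ttl": 300,  "public": "198.51.100.10"},
    {"name": "api",  "type": "A",     "ttl": 300,  "public": "198.51.100.20",
     "internal": "10.0.5.20"},
    {"name": "db",   "type": "A",     "ttl": 300,  "internal": "10.0.9.5"},
    {"name": "mail", "type": "CNAME", "ttl": 3600, "public": "mx.example.net."},
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal_address(value):
    """True if value is an IP literal inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal, e.g. a CNAME target
    return any(addr in net for net in RFC1918)

def build_views(records):
    """Return (public, internal) zones as lists of (name, ttl, type, value)."""
    public, internal = [], []
    for r in records:
        pub, inner = r.get("public"), r.get("internal")
        if pub is None and inner is None:
            raise ValueError(f"{r['name']}: no value in either view")
        if pub is not None:
            # Refuse to publish internal addressing in the external zone.
            if is_internal_address(pub):
                raise ValueError(f"{r['name']}: RFC 1918 address in public view")
            public.append((r["name"], r["ttl"], r["type"], pub))
        # Internal view: the override if there is one, else the public value.
        value = inner if inner is not None else pub
        internal.append((r["name"], r["ttl"], r["type"], value))
    return public, internal

def render(zone):
    """Format records as zone-file lines (relative names, no SOA/NS)."""
    return "\n".join(f"{n}\t{ttl}\tIN\t{t}\t{v}" for n, ttl, t, v in zone)

if __name__ == "__main__":
    pub, inner = build_views(UNIFIED)
    print("; public view\n" + render(pub))
    print("; internal view\n" + render(inner))
```

Because both zones come from the same list, an entry without an override cannot drift between the views, and an internal-only name such as `db` never reaches the public output.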