[Pdns-users] PowerDNS Recursor Performance and Tuning

[Hamed Haghshenas]

Hello Dears,

 

I Configure PowerDNS Recursor with below configuration :

 

allow-from-file=/etc/pdns-recursor/IP-Iran-List.txt

setuid=pdns-recursor

setgid=pdns-recursor

local-address=127.0.0.1 x.x.x.x

any-to-tcp=yes

distribution-load-factor=1.25

pdns-distributes-queries=yes

distributor-threads=1

logging-facility=0

max-tcp-queries-per-connection=10

quiet=no

reuseport=yes

threads=3

 

 

When I check with https://dnscheck.tools/, I have some errors like:

 

##########################################################

Oh no! Your dns responses are NOT properly authenticated! You may be
susceptible to certain attacks such as dns cache poisoning.

 

And

 

Your dns security:

DNSSEC (FAIL)

*	Valid signature: connected
*	Invalid signature: connected
*	Expired signature: connected
*	Missing signature: connected

#################################

But when try using 8.8.8.8 different :

 

Great! Your dns responses are authenticated, protecting you from certain
attacks

 

Your dns security:

DNSSEC (PASS)

*	Valid signature: connected
*	Invalid signature: not connected
*	Expired signature: not connected
*	Missing signature: not connected

How can I secure my dns Recursor? I try read document about dnssec in
powerdns wiki but can't understand what should I do ?

 

Best Regards,

Hamed Haghshenas

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220119/ad1ead01/attachment-0001.htm>