[Pdns-users] Configuring PowerDNS Recursor 4.4 to use the hosting provider nameservers

Jaume Sabater jsabater at gmail.com
Mon May 9 07:16:09 UTC 2022


Hello everyone!

I have a Proxmox cluster on Hetzner with three nodes in which I have just
configured two LinuX Containers with PowerDNS Authoritative Server in
primary/secondary configuration, using autoprimary (supermaster mode) and
listening on port 5300. They serve two local zones (one forward, one
reverse).

In these containers there is also PowerDNS Recursor listening on port 53.
These two containers have both a private and a public IP address (they
serve through the private IP address and access the Internet through the
public IP address).

This is the configuration of the recursor:

forward-zones=example.com=127.0.0.1:5300
forward-zones+=0.168.192.in-addr.arpa=127.0.0.1:5300
local-address=0.0.0.0, ::

Firewall on port 53 is only open in the private IP address, not the public
one.

Now I would like the PowerDNS Recursor to use the nameservers provided by
Hetzner, which are 185.12.64.1 and 185.12.64.2. As far as I have been able
to find out through the documentation and the Internet, there are two
possibilities:

1. Configure /etc/resolv.conf as follows:

nameserver 127.0.0.1
nameserver 185.12.64.1
nameserver 185.12.64.2

2. Use the directive forward-zones-recurse in the configuration, as follows:

forward-zones-recurse=.=185.12.64.1;185.12.64.2

I have also read about using forward-zones but I am not sure how. And then
there is also the possibility of using forward-zones-file for the forward
zones example.com and 0.168.192.in-addr.arpa, but
that would be just cosmetic IMHO.

All the information I've been able to find was quite old, so it referred to
older versions of the software.

Could anyone please confirm that using the directive forward-zones-recurse
is the right way to do what I am trying to do?

The last time I did this was about 20 years ago, using BIND, and the
equivalent would be the forwarders {} directive in the options {} section.

Thanks in advance.

P.S. The setup is working fine at the moment, it's just that I guess that
it's using the root servers and I'd rather use the hosting provider ones.

-- 
Jaume Sabater
"Ubi sapientas ibi libertas"
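
An added example, not part of the original message and not PowerDNS code: a Python model of how the settings quoted above would route queries once option 2 is applied. It assumes the Recursor's documented behaviour that the most specific forward zone wins and that forward-zones-recurse sends queries with the recursion-desired (RD) bit set; the function names parse_forwards and route are hypothetical.

```python
# Constructed sample: the settings quoted in the message, with option 2 added.
SAMPLE_CONF = """\
forward-zones=example.com=127.0.0.1:5300
forward-zones+=0.168.192.in-addr.arpa=127.0.0.1:5300
forward-zones-recurse=.=185.12.64.1;185.12.64.2
local-address=0.0.0.0, ::
"""

def parse_forwards(conf):
    """Return {zone: (servers, recursion_desired)}; the root zone is keyed as ''."""
    settings = {"forward-zones": [], "forward-zones-recurse": []}
    for raw in conf.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        key = key.strip()
        name = key.rstrip("+").strip()
        if not sep or name not in settings:
            continue
        if not key.endswith("+"):
            settings[name] = []  # plain '=' replaces, '+=' appends
        settings[name] += [e.strip() for e in value.split(",") if e.strip()]
    zones = {}
    for name, entries in settings.items():
        for entry in entries:
            zone, _, servers = entry.partition("=")
            zone = zone.strip().lower().rstrip(".")
            zones[zone] = ([s.strip() for s in servers.split(";")],
                           name == "forward-zones-recurse")
    return zones

def route(qname, zones):
    """Longest-suffix match: return (zone, servers, rd_set), or None if no forwarder applies."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) + 1):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            servers, rd = zones[suffix]
            return (suffix or ".", servers, rd)
    return None  # assumed: the Recursor then resolves iteratively from the root

if __name__ == "__main__":
    zones = parse_forwards(SAMPLE_CONF)
    for name in ("www.example.com", "10.0.168.192.in-addr.arpa", "powerdns.com"):
        print(name, "->", route(name, zones))
```

In this model the two local zones still go to the authoritative server on 127.0.0.1:5300 without RD, and every other name goes to the provider resolvers with RD set.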