[Pdns-users] Configuring PowerDNS Recursor 4.4 to use the hosting provider nameservers

Otto Moerbeek otto at drijf.net
Mon May 9 15:53:28 UTC 2022


On Mon, May 09, 2022 at 09:16:09AM +0200, Jaume Sabater via Pdns-users wrote:

> Hello everyone!
> 
> I have a Proxmox cluster on Hetzner with three nodes in which I have just
> configured two LinuX Containers with PowerDNS Authoritative Server in
> primary/secondary configuration, using autoprimary (supermaster mode) and
> listening on port 5300. They serve two local zones (one forward, one
> reverse).
> 
> In these containers there is also PowerDNS Recursor listening on port 53.
> These two containers have both a private and a public IP address (they
> serve through the private IP address and access the Internet through the
> public IP address).
> 
> This is the configuration of the recursor:
> 
> forward-zones=example.com=127.0.0.1:5300
> forward-zones+=0.168.192.in-addr.arpa=127.0.0.1:5300
> local-address=0.0.0.0, ::
> 
> Firewall on port 53 is only open in the private IP address, not the public
> one.
> 
> Now I would like the PowerDNS Recursor to use the nameservers provided by
> Hetzner, which are 185.12.64.1 and 185.12.64.2. As far as I have been able
> to find out through the documentation and the Internet, there are two
> possibilities:
> 
> 1. Configure /etc/resolv.conf as follows:
> 
> nameserver 127.0.0.1
> nameserver 185.12.64.1
> nameserver 185.12.64.2
> 
> 2. Use the directive forward-zones-recurse in the configuration, as follows:
> 
> forward-zones-recurse=.=185.12.64.1;185.12.64.2
> 
> I have also read about using forward-zones but I am not sure how. And then
> there is also the possibility of using forward-zones-file for the forward
> zones example.com and 0.168.192.in-addr.arpa, but
> that would be just cosmetic IMHO.
> 
> All the information I've been able to find was quite old, so it referred to
> older versions of the software.
> 
> Could anyone please confirm that using the directive forward-zones-recurse
> is the right way to do what I am trying to do?
> 
> The last time I did this was about 20 years ago, using BIND, and the
> equivalent would be the forwarders {} directive in the options {} section.
> 
> Thanks in advance.
> 
> P.S. The setup is working fine at the moment, it's just that I guess that
> it's using the root servers and I'd rather use the hosting provider ones.
> 
> -- 
> Jaume Sabater
> "Ubi sapientas ibi libertas"

Part 1. only configures the resolvers used by the machine itself and
has no consequence for the recursor running on the machine.

Part 2. Looks sane. But there's nothing wrong with leaving it out. In that
case the recursor will indeed start at the root servers to find the
servers authoritative for the domain in the question.

Could you be more specific about what you are missing from the official docs
wrt configuring the recursor?

https://docs.powerdns.com/recursor/settings.html#forward-zones and
further down for forward-zones-recurse.

If anything is missing or unclear, please specify what, or even
better, prepare a PR to improve the docs.

	-Otto
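
An added example, not part of either message and not PowerDNS code: a small Python model of how the settings discussed in this thread decide where the recursor sends a query, and whether the recursion-desired (RD) bit is set. The function names `parse_forwards` and `route` are hypothetical, the sample configuration is constructed from the lines quoted above, and most-specific-zone matching is assumed.

```python
# Added example: a model of forwarder selection, not PowerDNS source code.
# Constructed sample: the two settings from the question plus option 2.
SAMPLE_CONF = """\
forward-zones=example.com=127.0.0.1:5300
forward-zones+=0.168.192.in-addr.arpa=127.0.0.1:5300
forward-zones-recurse=.=185.12.64.1;185.12.64.2
local-address=0.0.0.0, ::
"""

FORWARD_KEYS = ("forward-zones", "forward-zones-recurse")


def parse_forwards(conf_text):
    """Return {zone: (servers, rd)}; the root zone '.' is stored as ''."""
    settings = {key: [] for key in FORWARD_KEYS}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        append = key.endswith("+")          # 'name+=value' appends to the setting
        key = key.rstrip("+").strip()
        if key not in settings:
            continue
        if not append:                      # plain 'name=value' replaces it
            settings[key] = []
        settings[key] += [e.strip() for e in value.split(",") if e.strip()]
    table = {}
    for key, entries in settings.items():
        rd = key == "forward-zones-recurse"  # RD bit is set only for this setting
        for entry in entries:
            zone, servers = entry.split("=", 1)
            zone = zone.strip().lower().rstrip(".")
            table[zone] = ([s.strip() for s in servers.split(";")], rd)
    return table


def route(qname, table):
    """Most specific matching zone wins; None means iterate from the root servers."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) + 1):
        zone = ".".join(labels[i:])
        if zone in table:
            return table[zone]
    return None


if __name__ == "__main__":
    table = parse_forwards(SAMPLE_CONF)
    for name in ("www.example.com", "10.0.168.192.in-addr.arpa", "docs.powerdns.com"):
        print(name, "->", route(name, table))
```

Removing the `forward-zones-recurse` line from the sample makes `route` return `None` for names outside the two local zones, which corresponds to the recursor starting at the root servers.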


