[Pdns-users] Share DNS-Records between two zones/views (internal & external)
Kevin P. Fleming
lists.pdns-users at kevin.km6g.us
Wed Nov 15 16:53:11 UTC 2023
On Wed, Nov 15, 2023, at 11:05, Brian Candler via Pdns-users wrote:
> On 15/11/2023 14:53, sebastian-n-95--- via Pdns-users wrote:
>> Hey,
>>
>> I am considering migrating my current BIND-Based setup to PowerDNS.
>>
>> For multiple zones, I currently have split-view in BIND, so that I can define DNS-Records available only for internal clients.
>>
>> To achieve this, I have the following zonefiles:
>>
>> mydomain.com.ext.zone <- This zonefile is used for the external view
>> mydomain.com.int.zone <- This zonefile is used for the internal view
>>
>> But I also have:
>> mydomain.com.include <- This file is included in both zonefiles, so records defined there are available in both zones.
>>
>>
>> I was wondering how I could replicate a setup like this in PowerDNS.
> BIND combines the roles of authoritative server and recursor; PowerDNS has separate programs (pdns and pdns-recursor).
>
> Split views are IMO a bad idea anyway, but if you wanted to do it you would need to do something like this:
>
>
> 1. Run pdns-recursor for your internal clients to use
> 2. Run an instance of pdns-auth with your internal zones
>

There is another option to consider:

1. Run pdns-recursor for your internal clients to use
2. Run pdns-auth for the external view of the zones
3. Install a Response Policy Zone (RPZ) in the recursor to *override* the results provided by the auth for queries from internal clients

Those overrides can add new records, hide existing records, or replace records with alternative answers.
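
An RPZ zone file covering the three kinds of override named above (add, hide, replace) could look like the following. This is an added example, not part of the original message: the zone name `rpz.internal`, the file path, the policy name, the host names under mydomain.com and all addresses are constructed, and it assumes the recursor loads the file with `rpzFile` from its Lua configuration file.

```dns
; /etc/powerdns/internal-overrides.rpz   (constructed path)
;
; Loaded by pdns-recursor from the file named in its lua-config-file setting:
;   rpzFile("/etc/powerdns/internal-overrides.rpz", {policyName="internal-overrides"})
;
; Only clients that resolve through this recursor see these answers;
; pdns-auth keeps serving the unmodified external view to everyone else.

$TTL 300
$ORIGIN rpz.internal.
@   SOA localhost. hostmaster.localhost. 2023111501 3600 600 86400 300
@   NS  localhost.

; Owner names are the queried name written relative to the RPZ origin,
; so they carry no trailing dot.

; Add: a name that does not exist in the external zone (local data).
intranet.mydomain.com       A       10.0.0.10

; Replace: the external zone has a public address for this name;
; internal clients get the internal one instead.
www.mydomain.com            A       10.0.0.20

; Hide: "CNAME ." makes the recursor answer NXDOMAIN for a name
; that exists in the external zone.
vendor-portal.mydomain.com  CNAME   .

; Hide with an empty answer: "CNAME *." returns NODATA instead of NXDOMAIN.
status.mydomain.com         CNAME   *.
```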