Hi, we're trying to make our DNS infrastructure great again. Currently we use Bind as recursive servers for our clients (we're a small ISP) and nsd for authoritative domains. This is what I'm heading to do: - run 2+ powerdns servers as authoritative for public domains as well as our internal domains - run 2+ dnsdist servers as load balancer with regex and ip dependant rules - run xyz as recursive nameserver for our dialup / fibre clients
We have domains hosted for ourselves but also customers. We would like to host those with powerdns with replicated postgres. As powerdns does not have ACL we plan to run dnsdist in front of the powerdns in order to make better decisions what to do with requests: requests from the www, recursive: REFUSE requests from the www, authoritative public domain: forward to powerdns requests from the www, authoritative private domain: REFUSE requests from our internal network, recursive: won't happen requests from our internal network, authoritative public domain: forward to powerdns requests from our internal network, authoritative private domain: forward to powerdns The plan is to protect our private domains from being resolved from any public IP. Will such kind of filter have big performance implications? What is best practice to do so? Thank you -- Jochen Demmer System- und Netzwerkspezialist RelAix Networks GmbH Auf der Hüls 172 52068 Aachen Tel.: 0241 / 990001-206 Fax: 0241 / 990001-149 E-Mail: [email protected] Internet: http://www.relaix.net/ Geschäftsführer: Thomas Neugebauer Amtsgericht Aachen, HRB 15108 _______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
