I noticed I failed to reply to the list...
-------- Original Message --------
Subject: Re: [Pdns-users] Recursion when Powerdns auth servers is SOA
Date: Tue, 10 Jan 2012 14:56:13 -0800
From: Rory Toma <[email protected]>
To: bert hubert <[email protected]>
On 1/10/12 2:48 PM, bert hubert wrote:
> On Jan 10, 2012, at 11:37 PM, Rory Toma wrote:
>> "To make sure that the local authoritative database overrides
>> recursive information, PowerDNS first tries to answer a question from
>> its own database. If that succeeds, the answer packet is sent back
>> immediately without involving the recursor in any way. This means
>> that for questions for which there is no answer, PowerDNS will
>> consult the recursor for an recursive query, even if PowerDNS is
>> authoritative for a domain! This will only cause problems if you
>> 'fake' domains which don't really exist."
>>
>> What I want to do is have powerdns consult the recursor even if
>> powerdns is authoritative for a domain. This is what I can't seem to
>> get to work.
>
> I think we no longer do this, and that the documentation is in that
> case out of date. It complicated things too badly.
>
> If you want to override the internet, you may have more success the
> other way around, put a PowerDNS Recursor with specific authoritative
> data as an auth server.
>
> Bert

I'll explain my problem in a little more detail, and then perhaps
suggestions can flow:
We are using dns as a registration system. Devices contact a server and
register, a dns record is created. For the sake of this discussion, I'll
refer to this as old registration system (bind and old registration
servers) and new registration system (powerdns and new server)
Many "apps" need to look up the information in dns, we have a keepalived
fault tolerant IP address that points to a name server (currently bind),
but we'd like to switch this to powerdns. However, we can't just switch
all the dns records over at once, there has to be a transition period.
So, we'd like to switch over to powerdns and new registration server.
All new records will exist in powerdns. Eventually, all the old records
will migrate as clients re-register.
So, when someone queries the new server, it needs to look up the data
first in powerdns, and if it isn't there, recurse.
I tried putting the powerdns recursor in front. It did not work for me,
as each backend server thinks it is authoritative. So if it happens to
query that one first, it returns NXDOMAIN and never looks at the next
one in the list.