To be clear, in our case, the exact same data is returned, just from
different sources.
On 1/10/12 4:21 PM, Chris Moates wrote:
We have a different use case but similar situation. In our case, we
are (unfortunately) using the same domain both internally and
externally. So some entries only exist internally, some only
externally, and some both, but with different IP's. Here's an example:
web1.domain.com <http://web1.domain.com> has a 10.x and 208.x address,
depending on if you're outside or inside.
www.domain.com <http://www.domain.com> only exists externally
database.domain.com <http://database.domain.com> only exists internally
What I'd like to do is have our internal DNS servers try asking the
outside DNS servers when they don't have a record. What we have to do
now is copy the relevant records across and maintain them in two
places. Previously, we had accomplished this with Bind's split views,
but that had it's own share of issues.
I've toyed with implementing a backend that would query the external
server, as it seems my best option. I just haven't gotten to
completing it yet. Sort of a "also ask this DNS server" backend.
Cheers,
Chris
On Tue, Jan 10, 2012 at 6:44 PM, Rory Toma <[email protected]
<mailto:[email protected]>> wrote:
I noticed I failed to reply to the list...
-------- Original Message --------
Subject: Re: [Pdns-users] Recursion when Powerdns auth servers is
SOA
Date: Tue, 10 Jan 2012 14:56:13 -0800
From: Rory Toma <[email protected]> <mailto:[email protected]>
To: bert hubert <[email protected]>
<mailto:[email protected]>
On 1/10/12 2:48 PM, bert hubert wrote:
On Jan 10, 2012, at 11:37 PM, Rory Toma wrote:
"To make sure that the local authoritative database overrides
recursive information, PowerDNS first tries to answer a question
from its own database. If that succeeds, the answer packet is
sent back immediately without involving the recursor in any way.
This means that for questions for which there is no answer,
PowerDNS will consult the recursor for an recursive query, even
if PowerDNS is authoritative for a domain! This will only cause
problems if you 'fake' domains which don't really exist."
What I want to do is have powerdns consult the recursor even of
powerdns is authoritative for a domain. This is what I can' seem
to get to work.
I think we no longer do this, and that the documentation is in
that case out of date. It complicated things too badly.
If you want to override the internet, you may have more success
the other way around, put a PowerDNS Recursor with specific
authoritative data as an auth server.
Bert
I'll explain my problem in a little more detail, and then perhaps
suggestions can flow:
We are using dns as a registration system. Devices contact a
server and register, a dns record is created. For the sake of this
discussion, I'll refer to this as old registration system (bind
and old registration servers) and new registration system
(powerdns and new server)
Many "apps" need to look up the information in dns, we have a
keepalived fault tolerant IP address that points to a name server
(currently bind), but we'd like to switch this to powerdns.
However, we can't just switch all the dns records over at once,
there has to be a transition period. So, we'd like to switch over
to powerdns and new registration server. All new records will
exist in powerdns. Eventually, all the old records will migrate as
clients re-register.
So, when someone queries the new server, it needs to look up the
data first in powerdns, and if it isn't there, recurse.
I tried putting the powerdns recursor in front. It did not work
for me, as each backend server thinks it is authoritative. So if
it happens to query that one first, it returns NXDOMAIN and never
looks at the next one in the list.
_______________________________________________
Pdns-users mailing list
[email protected]
<mailto:[email protected]>
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
