Thanks, I'm trying this now, but there must be some syntax differences
in the files. I can't seem to get it to load a mysql backend even though
I have my launch line set up.
On 1/11/12 7:03 AM, Parish, Brent wrote:
I ended up having to go back to 2.9.22 to make this work. :(
In our case, we have Windows (Active Directory/DNS) housing some of
the (internal) domain, and PowerDNS storing other records.
To make Windows happy, it is authoritative over a subdomain (e.g.
sub.example.com), while PowerDNS handles the parent example.com.
The issue we especially run into is reverse (PTR) records. In our
environment, hosts from both domains are in the same IP range (e.g.
10.10.128.x).
Sooo, when you go for a reverse lookup on 10.10.128.45 (for example),
we get into trouble with DNS servers being authoritative over that
reverse zone (e.g. 128.10.10.in-addr.arpa), because that record might
live in Windows or PowerDNS.
In addition, we also have some (public IP) records hosted outside our
firewall (but still using the internal example.com domain name
space). If I use the old PowerDNS, it doesn't matter that those
records are hosted elsewhere but within the internal name space --
PowerDNS doesn't know the answer and simply recurses it out for
resolution.
That's why I really like the old PowerDNS ability to consult other DNS
servers for answers, even within a domain that PowerDNS is considered
"authoritative" for -- it's an awesome feature we rely on very heavily
here!!!! =)
I don't have a clue how easy or hard that would be to code, but I
would love it if that was still available in the new (3.x) PowerDNS!!!
Perhaps even if it was just an option you could toggle on and off (off
by default to save on the confusion you mentioned).
Just my 2 cents.
Thanks,
Brent
*From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rory Toma
*Sent:* Tuesday, January 10, 2012 6:44 PM
*To:* [email protected]
*Subject:* [Pdns-users] Fwd: Re: Recursion when Powerdns auth servers is SOA
I noticed I failed to reply to the list...
-------- Original Message --------
*Subject:* Re: [Pdns-users] Recursion when Powerdns auth servers is SOA
*Date:* Tue, 10 Jan 2012 14:56:13 -0800
*From:* Rory Toma <[email protected]>
*To:* bert hubert <[email protected]>
On 1/10/12 2:48 PM, bert hubert wrote:
On Jan 10, 2012, at 11:37 PM, Rory Toma wrote:
"To make sure that the local authoritative database overrides
recursive information, PowerDNS first tries to answer a question from
its own database. If that succeeds, the answer packet is sent back
immediately without involving the recursor in any way. This means that
for questions for which there is no answer, PowerDNS will consult the
recursor for a recursive query, even if PowerDNS is authoritative for
a domain! This will only cause problems if you 'fake' domains which
don't really exist."
What I want to do is have powerdns consult the recursor even if
powerdns is authoritative for a domain. This is what I can't seem to
get to work.
I think we no longer do this, and that the documentation is in that
case out of date. It complicated things too badly.
If you want to override the internet, you may have more success the
other way around, put a PowerDNS Recursor with specific authoritative
data as an auth server.
Bert
I'll explain my problem in a little more detail, and then perhaps
suggestions can flow:
We are using dns as a registration system. Devices contact a server
and register, a dns record is created. For the sake of this
discussion, I'll refer to this as old registration system (bind and
old registration servers) and new registration system (powerdns and
new server)
Many "apps" need to look up the information in dns, we have a
keepalived fault tolerant IP address that points to a name server
(currently bind), but we'd like to switch this to powerdns. However,
we can't just switch all the dns records over at once, there has to be
a transition period. So, we'd like to switch over to powerdns and new
registration server. All new records will exist in powerdns.
Eventually, all the old records will migrate as clients re-register.
So, when someone queries the new server, it needs to look up the data
first in powerdns, and if it isn't there, recurse.
I tried putting the powerdns recursor in front. It did not work for
me, as each backend server thinks it is authoritative. So if it
happens to query that one first, it returns NXDOMAIN and never looks
at the next one in the list.
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
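
The two lookup orders discussed in this thread, as an added example that is not part of any poster's message or of PowerDNS itself. It is a simplified in-memory model (no DNS packets are sent); the server names, host names and PTR records are constructed, reusing the thread's example zone 128.10.10.in-addr.arpa.

```python
# Simplified model of the lookup orders described in the thread.
# All records and server names below are constructed sample data.
NXDOMAIN = "NXDOMAIN"
ZONE = "128.10.10.in-addr.arpa"


class AuthServer:
    """A server that claims authority for `zone` but holds only some of its records."""

    def __init__(self, name, zone, records):
        self.name, self.zone, self.records = name, zone, records

    def query(self, qname, qtype):
        if not qname.endswith(self.zone):
            return None  # outside our zone: no authoritative answer at all
        # Inside our zone: a missing record is an authoritative NXDOMAIN.
        return self.records.get((qname, qtype), NXDOMAIN)


def auth_then_recursor(local, upstreams, qname, qtype):
    """Order from the quoted documentation: own database first, and only on a
    miss hand the question to the recursor (modelled here as `upstreams`)."""
    answer = local.query(qname, qtype)
    if answer not in (None, NXDOMAIN):
        return answer, local.name
    for server in upstreams:
        answer = server.query(qname, qtype)
        if answer not in (None, NXDOMAIN):
            return answer, server.name
    return NXDOMAIN, None


def first_authoritative_wins(servers, qname, qtype):
    """Recursor in front of several servers that each claim the zone:
    the first authoritative reply is final, NXDOMAIN included."""
    for server in servers:
        answer = server.query(qname, qtype)
        if answer is not None:
            return answer, server.name
    return NXDOMAIN, None


PDNS = AuthServer("powerdns", ZONE,
                  {("45.128.10.10.in-addr.arpa", "PTR"): "host-a.example.com."})
WINDOWS = AuthServer("windows", ZONE,
                     {("46.128.10.10.in-addr.arpa", "PTR"): "host-b.sub.example.com."})

if __name__ == "__main__":
    q = ("46.128.10.10.in-addr.arpa", "PTR")
    print("auth then recursor:", auth_then_recursor(PDNS, [WINDOWS], *q))
    print("first auth wins:   ", first_authoritative_wins([PDNS, WINDOWS], *q))
```

The second call returns NXDOMAIN from the first server even though the record exists on the second, which is the behaviour reported above when each backend believes it is authoritative.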