Hi.

My pdns.conf file looks like this:

allow-recursion-override=no
daemon=yes
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=username
gmysql-dbname=database
gmysql-password=password
lazy-recursion=yes
recursor=10.10.10.10

Where the recursor IP is the Windows DNS server.

I wouldn't put any faith in my config though, PowerDNS guru (or DNS guru for 
that matter!) I am not!!!
That's just what worked for me and I'm posting it here in case it helps others 
who might be in my situation where I want PowerDNS to *always* forward the 
request on if it does not know the answer itself, regardless of the domain.

Thanks,
Brent




From: Rory Toma [mailto:[email protected]]
Sent: Wednesday, January 11, 2012 9:07 PM
To: Parish, Brent
Cc: [email protected]
Subject: Re: [Pdns-users] Fwd: Re: Recursion when Powerdns auth servers is SOA

Hmm... got powerdns to start up now, but it does not send out queries to the 
recursor in this version, either for me. I have twiddled the 
allow-recursion-override and lazy recursion, but no luck.

On 1/11/12 7:03 AM, Parish, Brent wrote:
I ended up having to go back to 2.9.22 to make this work.  :(

In our case, we have Windows (Active Directory/DNS) housing some of the 
(internal) domain, and PowerDNS storing other records.

To make Windows happy, it is authoritative over a subdomain (e.g.  
sub.example.com), while PowerDNS handles the parent example.com.

The issue we especially run into is reverse (PTR) records.  In our environment, 
hosts from both domains are in the same IP range (e.g. 10.10.128.x).
Sooo, when you go for a reverse lookup on 10.10.128.45 (for example), we get 
into trouble with DNS servers being authoritative over that reverse zone (e.g. 
128.10.10.in-addr.arpa), because that record might live in Windows or PowerDNS.
In addition, we also have some (public IP) records hosted outside our firewall 
(but still using the internal example.com domain name space).  If I use the old 
PowerDNS, it doesn't matter that those records are hosted elsewhere but within 
the internal name space - PowerDNS doesn't know the answer and simply recurses 
it out for resolution.

That's why I really like the old PowerDNS ability to consult other DNS servers 
for answers, even within a domain that PowerDNS is considered "authoritative" 
for - it's an awesome feature we rely on very heavily here!!!!  =)

I don't have a clue how easy or hard that would be to code, but I would love it 
if that was still available in the new (3.x) PowerDNS!!!
Perhaps even if it was just an option you could toggle on and off (off by 
default to save on the confusion you mentioned).

Just my 2 cents.

Thanks,
Brent



From: [email protected] [mailto:[email protected]] On Behalf Of Rory Toma
Sent: Tuesday, January 10, 2012 6:44 PM
To: [email protected]
Subject: [Pdns-users] Fwd: Re: Recursion when Powerdns auth servers is SOA

I noticed I failed to reply to the list...


-------- Original Message --------
Subject: Re: [Pdns-users] Recursion when Powerdns auth servers is SOA
Date: Tue, 10 Jan 2012 14:56:13 -0800
From: Rory Toma <[email protected]>
To: bert hubert <[email protected]>



On 1/10/12 2:48 PM, bert hubert wrote:

On Jan 10, 2012, at 11:37 PM, Rory Toma wrote:



"To make sure that the local authoritative database overrides recursive 
information, PowerDNS first tries to answer a question from its own database. 
If that succeeds, the answer packet is sent back immediately without involving 
the recursor in any way. This means that for questions for which there is no 
answer, PowerDNS will consult the recursor for an recursive query, even if 
PowerDNS is authoritative for a domain! This will only cause problems if you 
'fake' domains which don't really exist."

What I want to do is have powerdns consult the recursor even if powerdns is 
authoritative for a domain. This is what I can't seem to get to work.

I think we no longer do this, and that the documentation is in that case out of 
date. It complicated things too badly.

If you want to override the internet, you may have more success the other way 
around, put a PowerDNS Recursor with specific authoritative data as an auth 
server.

Bert

I'll explain my problem in a little more detail, and then perhaps suggestions 
can flow:

We are using dns as a registration system. Devices contact a server and 
register, a dns record is created. For the sake of this discussion, I'll refer 
to this as old registration system (bind and old registration servers) and new 
registration system (powerdns and new server).

Many "apps" need to look up the information in dns, we have a keepalived fault 
tolerant IP address that points to a name server (currently bind), but we'd 
like to switch this to powerdns. However, we can't just switch all the dns 
records over at once, there has to be a transition period. So, we'd like to 
switch over to powerdns and new registration server. All new records will exist 
in powerdns. Eventually, all the old records will migrate as clients 
re-register.

So, when someone queries the new server, it needs to look up the data first in 
powerdns, and if it isn't there, recurse.

I tried putting the powerdns recursor in front. It did not work for me, as each 
backend server thinks it is authoritative. So if it happens to query that one 
first, it returns NXDOMAIN and never looks at the next one in the list.
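
Added example (not part of the original thread and not PowerDNS code): a small Python model of the two lookup orders discussed above, showing why a recursor in front of two authoritative servers stops at the first NXDOMAIN while the local-first order still finds records held by the old server. Zone contents, server names and function names are constructed for illustration.

```python
# Toy model of the lookup orders described in the thread.
# All names and records below are constructed sample data.

NXDOMAIN = "NXDOMAIN"
SERVFAIL = "SERVFAIL"

# During the migration both servers believe they are authoritative
# for example.com, but each holds only part of the records.
NEW_PDNS = {"dev-new.example.com": "10.10.128.45"}
OLD_BIND = {"dev-old.example.com": "10.10.128.46"}


def authoritative_answer(zone_data, qname):
    """An authoritative server answers NXDOMAIN for names it does not hold."""
    return zone_data.get(qname, NXDOMAIN)


def recursor_in_front(qname, backends):
    """Recursor forwarding to a list of (name, zone_data) auth servers.

    zone_data=None models a server that does not respond. Only a missing
    response makes the recursor move on; an authoritative NXDOMAIN is a
    valid final answer, so the next server is never asked.
    """
    for name, zone_data in backends:
        if zone_data is None:
            continue  # timeout: try the next server in the list
        return name, authoritative_answer(zone_data, qname)
    return None, SERVFAIL


def local_first_then_recurse(qname, local_db, recursor_db):
    """Order the thread attributes to 2.9.22: answer from the local
    database, otherwise pass the question to the configured recursor."""
    if qname in local_db:
        return "local", local_db[qname]
    return "recursor", authoritative_answer(recursor_db, qname)


if __name__ == "__main__":
    chain = [("pdns", NEW_PDNS), ("bind", OLD_BIND)]
    for q in ("dev-new.example.com", "dev-old.example.com"):
        print(q, recursor_in_front(q, chain),
              local_first_then_recurse(q, NEW_PDNS, OLD_BIND))
```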




_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

