Hello Daniel,

On Jan 14, 2012, at 11:57 , Daniel L. Miller wrote:

> I'm confused as to the proper pairing of the authoritative server vs the
> recursor. I have a small LAN and provide authoritative DNS for a handful of
> sites. In the past, using other DNS software (djbdns), my configuration was:
>
> 1. An authoritative server for Internet domain names hosted by me.
> Reachable by internet clients.
> 2. An authoritative server for internal domain names. Only visible to the
> LAN recursor.
> 3. A caching recursive server, accessible by the LAN clients, that had a
> list of local authoritative servers & domains as well as direct queries to
> the Internet.
>
> So my authoritative Internet server was reachable via public IP, my internal
> authoritative listened on localhost, and my internal caching recursor was
> pushed via DHCP to my LAN clients. I have setup a similar configuration
> using pdns - the authoritative is reachable via public IP, and the recursor
> has a forward-zone file and is pushed to the clients via DHCP. So my LAN
> clients query the recursor - not the pdns authoritative server.
>
> My question - this works, but is it "correct" usage with pdns?

Yes, this is a fine setup. LAN clients (workstations) cannot talk directly to
auths (unless those auths also proxy to a recursor).

There is one possible variant (that djbdns would not support): if you use
'auth-zones=' in recursor.conf, you can do without the internal auth.

Kind regards,
Peter van Dijk

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
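
The two layouts discussed in this thread, side by side, as an added example that is not part of the original messages or of the PowerDNS project's own files. The addresses, zone names, port 5300 and file paths are constructed placeholders; the setting names are standard recursor.conf and pdns.conf options.

```ini
# ---------------------------------------------------------------
# Variant A: recursor forwards internal zones to a loopback-only
# internal authoritative server (the setup described in the question)
# ---------------------------------------------------------------

# recursor.conf
# LAN-facing address that DHCP hands to clients (assumed address)
local-address=192.168.1.53
# Only loopback and the LAN may use the recursor; never leave this open
allow-from=127.0.0.0/8, 192.168.1.0/24
# Internal zones are answered by the internal auth on loopback, port 5300;
# everything else is resolved from the Internet as usual
forward-zones=corp.example=127.0.0.1:5300, 1.168.192.in-addr.arpa=127.0.0.1:5300

# pdns.conf of the internal authoritative server
# Bound to loopback so only the recursor on the same host can query it
local-address=127.0.0.1
local-port=5300

# ---------------------------------------------------------------
# Variant B: auth-zones in the recursor, no internal authoritative
# server at all (the variant suggested in the reply)
# ---------------------------------------------------------------

# recursor.conf
local-address=192.168.1.53
allow-from=127.0.0.0/8, 192.168.1.0/24
# zonename=filename pairs; the files are BIND-format zone files that the
# recursor serves authoritatively to its own clients
auth-zones=corp.example=/etc/powerdns/zones/corp.example.zone, 1.168.192.in-addr.arpa=/etc/powerdns/zones/192.168.1.zone
```

In both variants the public authoritative server stays a separate instance on the public IP, so internal names are only ever visible to clients that pass the recursor's allow-from check.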
