Hello Daniel,

On Jan 14, 2012, at 11:57, Daniel L. Miller wrote:

> I'm confused as to the proper pairing of the authoritative server vs the 
> recursor.  I have a small LAN and provide authoritative DNS for a handful of 
> sites.  In the past, using other DNS software (djbdns), my configuration was:
> 
> 1.  An authoritative server for Internet domain names hosted by me.  
> Reachable by internet clients.
> 2.  An authoritative server for internal domain names.  Only visible to the 
> LAN recursor.
> 3.  A caching recursive server, accessible by the LAN clients, that had a 
> list of local authoritative servers & domains as well as direct queries to 
> the Internet.
> 
> So my authoritative Internet server was reachable via public IP, my internal 
> authoritative listened on localhost, and my internal caching recursor was 
> pushed via DHCP to my LAN clients.  I have set up a similar configuration 
> using pdns - the authoritative is reachable via public IP, and the recursor 
> has a forward-zone file and is pushed to the clients via DHCP.  So my LAN 
> clients query the recursor - not the pdns authoritative server.
> 
> My question - this works, but is it "correct" usage with pdns?

Yes, this is a fine setup. LAN clients (workstations) cannot talk directly to 
auths (unless those auths also proxy to a recursor). 

There is one possible variant (that djbdns would not support): if you use 
'auth-zones=' in recursor.conf, you can do without the internal auth.

Kind regards,
Peter van Dijk

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
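
The two layouts discussed in this thread, sketched as a `recursor.conf` fragment (an added example, not part of the original messages). The addresses, the zone name `internal.example` and the file paths are constructed placeholders; the setting names are PowerDNS Recursor's own.

```ini
# recursor.conf: LAN-facing caching recursor (all values below are constructed)

# Listen only on the LAN interface; this is the address handed out via DHCP.
local-address=192.168.1.1

# Answer recursive queries from LAN clients and the host itself only.
allow-from=192.168.1.0/24, 127.0.0.0/8

# Variant A (the setup from the question): send internal zones to the
# internal authoritative server listening on localhost.
# The file holds one "zone=address" entry per line, for example:
#   internal.example=127.0.0.1
forward-zones-file=/etc/powerdns/forward-zones.conf

# Variant B (from the reply): drop the internal authoritative server and let
# the recursor answer the internal zone itself from a BIND-format zone file.
# Use this instead of the forward-zones-file line above.
# auth-zones=internal.example=/etc/powerdns/zones/internal.example.zone
```

In both variants the public authoritative server remains a separate instance bound to the public IP, and internal names are only ever served through the LAN recursor.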
