On 1/14/2012 8:46 AM, Peter van Dijk wrote:
Hello Daniel,

On Jan 14, 2012, at 11:57 , Daniel L. Miller wrote:

I'm confused as to the proper pairing of the authoritative server vs the 
recursor.  I have a small LAN and provide authoritative DNS for a handful of 
sites.  In the past, using other DNS software (djbdns), my configuration was:

1.  An authoritative server for Internet domain names hosted by me.  Reachable 
by internet clients.
2.  An authoritative server for internal domain names.  Only visible to the LAN 
recursor.
3.  A caching recursive server, accessible by the LAN clients, that had a list of 
local authoritative servers & domains as well as direct queries to the Internet.

So my authoritative Internet server was reachable via public IP, my internal 
authoritative listened on localhost, and my internal caching recursor was 
pushed via DHCP to my LAN clients.  I have set up a similar configuration using 
pdns - the authoritative is reachable via public IP, and the recursor has a 
forward-zone file and is pushed to the clients via DHCP.  So my LAN clients 
query the recursor - not the pdns authoritative server.

My question - this works, but is it "correct" usage with pdns?
Yes, this is a fine setup. LAN clients (workstations) cannot talk directly to 
auths (unless those auths also proxy to a recursor).

There is one possible variant (that djbdns would not support): if you use 
'auth-zones=' in recursor.conf, you can do without the internal auth.


Where I'm confused is it APPEARS pdns is designed to work the other way - with a visible auth server which contacts the recursor when required. Does it matter?

--
Daniel
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
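
The two layouts discussed in this thread, sketched as recursor.conf fragments. This is an added example, not taken from either poster's configuration; the zone name lan.example, the addresses, port 5300 and the zone file path are constructed placeholders.

```ini
# --- Variant A: recursor in front of a localhost-only internal auth ---
# LAN clients get this address via DHCP and only ever talk to the recursor.
local-address=192.168.1.1
# Answer recursive queries from the LAN and localhost only, so the
# recursor is not usable as an open resolver from the Internet.
allow-from=127.0.0.0/8, 192.168.1.0/24
# Queries for the internal zone go to the internal authoritative server,
# which listens on localhost and is therefore invisible to everyone else.
# Everything else is resolved normally from the Internet.
forward-zones=lan.example=127.0.0.1:5300

# --- Variant B: no internal auth, recursor serves the zone itself ---
# Use instead of the forward-zones line above. The recursor loads the
# internal zone from a zone file and answers for it directly.
# auth-zones=lan.example=/etc/powerdns/zones/lan.example.zone
```

In both variants the public authoritative server stays a separate instance bound to the public IP, and the internal zone data is never reachable from outside the LAN.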
