On 1/14/2012 8:46 AM, Peter van Dijk wrote:
Hello Daniel,
On Jan 14, 2012, at 11:57 , Daniel L. Miller wrote:
I'm confused as to the proper pairing of the authoritative server vs the
recursor. I have a small LAN and provide authoritative DNS for a handful of
sites. In the past, using other DNS software (djbdns), my configuration was:
1. An authoritative server for Internet domain names hosted by me. Reachable
by internet clients.
2. An authoritative server for internal domain names. Only visible to the LAN
recursor.
3. A caching recursive server, accessible by the LAN clients, that had a list of
local authoritative servers & domains as well as direct queries to the Internet.
So my authoritative Internet server was reachable via public IP, my internal
authoritative listened on localhost, and my internal caching recursor was
pushed via DHCP to my LAN clients. I have set up a similar configuration using
pdns - the authoritative is reachable via public IP, and the recursor has a
forward-zone file and is pushed to the clients via DHCP. So my LAN clients
query the recursor - not the pdns authoritative server.
My question - this works, but is it "correct" usage with pdns?
Yes, this is a fine setup. LAN clients (workstations) cannot talk directly to
auths (unless those auths also proxy to a recursor).
There is one possible variant (that djbdns would not support): if you use
'auth-zones=' in recursor.conf, you can do without the internal auth.
Where I'm confused is it APPEARS pdns is designed to work the other way
- with a visible auth server which contacts the recursor when required.
Does it matter?
--
Daniel
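
A recursor.conf sketch of the two layouts discussed in this thread, added here as an illustration; it is not part of the original messages or the PowerDNS project's own configuration. The zone name, addresses and file paths are assumed placeholders.

```ini
# recursor.conf (constructed example; every name, address and path below
# is a placeholder, not a value from the thread)

# Listen only on the LAN-facing address, the one handed to clients via DHCP.
local-address=192.168.1.1

# Answer recursive queries from LAN clients only, so the recursor cannot be
# used as an open resolver from the Internet.
allow-from=192.168.1.0/24

# Variant A (the setup described in the thread): queries for the internal
# zone go to the internal authoritative server listening on localhost;
# everything else is resolved on the Internet as usual.
forward-zones=internal.example=127.0.0.1
# The same zone=address pairs can instead be kept one per line in a file:
# forward-zones-file=/etc/powerdns/forward-zones

# Variant B (the 'auth-zones=' suggestion): the recursor serves the internal
# zone itself from a zone file, so no internal authoritative server is needed.
# Enable this instead of the forward-zones line above, not alongside it.
# auth-zones=internal.example=/etc/powerdns/internal.example.zone
```

In both variants the public authoritative server stays a separate process bound to the public IP, and LAN clients only ever talk to the recursor.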