On Thu, Apr 26, 2012 at 4:19 PM, Tibor Benke <[email protected]> wrote: > Hi Peter,
Hi Tibor, > I have an authoritative server with version 2.9.22 and a recursor with > 3.2. These run on debian squezee. I have a network and the hosts of > this network have public IP addresses. I would like to run the > recursive and the authoritative server on the same host. Currently the > authoritative server is in front of the recursor. The authoritative > listens on the port 53 and if the request is not authoritative for the > query it passes it to the recursor that listens on [::1]:10053 and > 127.0.0.1:10053. > > I would like to enable the recursion only on my network, meanwhile the > whole world should reach the authoritative server. As all queries that are being proxied from the authoritative Server to the recursive Server on 127.0.0.1 or ::1 are coming from localhost you will only need to enable recursive queries from 127.0.0.1/32 and ::1/128 in your recursor.conf, however there is another setting that enables you to limit recursive queries to your authoritative server. -> http://doc.powerdns.com/all-settings.html allow-recursion=... By specifying allow-recursion, recursion can be restricted to netmasks specified. The default is to allow recursion from everywhere. Example: allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4. You may also want to set lazy-recursion=... On by default as of 2.1. Checks local data first before recursing. in your pdns.conf. Is this about the setup that is giving you server failure responses instead of the refused answer you would like to see? I fear there is not much to be done about this one then as i think this is hardcoded in the authoritative server. Stefan _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
