Hi Peter
I will try to explain what I am trying to achieve. I had actually only wanted
to slave the OpenNic domains and did not realise their root also includes the
typical ICANN domains. Hence why I believed that queries for domains like
google would be passed to the recursor.
I think I have identified three ways to achieve what I want.
1. I could use the bind backend and slave each of the OpenNic domains (e.g.
.free, .geek etc) separately so I become authoritative for them and anything
else (e.g. google.com) gets passed to the recursor. I tried this on bind and
this can be achieved by doing:
    zone "free." IN {
        type slave;
        file "/etc/powerdns/bind/zones/db.root";
        masters { 202.83.95.229; };
        notify no;
    };
This partially works using PDNS's bindbackend, except when I query a
domain, I only get a list of nameservers in response:
dig @localhost reg.for.free
; <<>> DiG 9.7.3 <<>> @localhost reg.for.free
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61646
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;reg.for.free. IN A
;; AUTHORITY SECTION:
for.free. 18000 IN NS ns1.nic.free.
for.free. 18000 IN NS ns2.nic.free.
;; ADDITIONAL SECTION:
ns1.nic.free. 18000 IN A 202.83.95.228
ns2.nic.free. 18000 IN A 119.31.230.42
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 12 06:31:40 2012
;; MSG SIZE rcvd: 102
If there are any powerdns settings I can tweak to get this working or there is
something I am doing wrong, please let me know.
2. I could set forward zones on the recursor for individual OpenNic domains so
they are forwarded to OpenNic resolvers. Although to my knowledge, there is no
wildcard feature (e.g. *.free=ip.address) and this can only be used on
individual domains. Please correct me if I am wrong.
3. I could set the recursor to use OpenNic root hints. I tried this before and
obviously performance is not as good as normal (i.e. without their root hints).
It would also mean I have to keep an eye on the hints file to make sure it is
up to date.
If you have any suggestions or if I am doing anything wrong, let me know.
Ideally I would like to be able to use the first method, I just can't seem to
get it working.
Thanks for your continued help,
Oli
On 12 May 2012, at 09:22, Peter van Dijk wrote:
>
> If you have auth running in front of recursor, auth will give the best *auth*
> answer it has for a question. This behaviour could be slightly better, but
> what you want does not make sense - your recursor doesn't even know about
> opennic.
>
> If you want to run both an auth and a recursor, and you want the auth to host
> the opennic root, and you want your recursor to honor the opennic root, you
> need to point your clients to the recursor directly and set up forward-zones
> accordingly.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
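The dig output in the message above is a referral rather than an answer: ANSWER is 0, the aa flag is absent, and the AUTHORITY section carries NS records for for.free., a name below the slaved free. zone. As an added example (not part of the original message and not PowerDNS code), the following Python parses dig's text output and classifies the response; the names parse_dig and classify are hypothetical.

```python
import re

# dig output copied from the message above, trimmed to the lines the parser reads.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61646
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;reg.for.free. IN A
;; AUTHORITY SECTION:
for.free. 18000 IN NS ns1.nic.free.
for.free. 18000 IN NS ns2.nic.free.
;; ADDITIONAL SECTION:
ns1.nic.free. 18000 IN A 202.83.95.228
ns2.nic.free. 18000 IN A 119.31.230.42
"""

def parse_dig(text):
    """Return status, header flags and the records of each section."""
    msg = {"status": None, "flags": set(), "QUESTION": [], "ANSWER": [],
           "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r"status: (\w+)", line):
            msg["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            msg["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif not line or line.startswith(";;"):
            continue  # blank lines and trailer comments (query time, server)
        elif section == "QUESTION":
            msg["QUESTION"].append(line.lstrip(";").split())  # name class type
        elif section and not line.startswith(";"):
            msg.setdefault(section, []).append(line.split())  # name ttl class type rdata
    return msg

def classify(msg):
    """Return (kind, zone_cut, nameservers); kind is answer/referral/nodata/error."""
    if msg["status"] != "NOERROR":
        return ("error", None, [])
    if msg["ANSWER"]:
        return ("answer", None, [])
    ns = [r for r in msg["AUTHORITY"] if len(r) >= 5 and r[3] == "NS"]
    qname = msg["QUESTION"][0][0].lower() if msg["QUESTION"] else ""
    if ns and "aa" not in msg["flags"]:
        cut = ns[0][0].lower()  # owner of the NS set marks the delegation point
        if qname == cut or qname.endswith("." + cut):
            return ("referral", cut, sorted(r[4] for r in ns))
    return ("nodata", None, [])
```

Run against the capture, classify(parse_dig(SAMPLE)) reports a referral at for.free. to ns1.nic.free. and ns2.nic.free.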