Hi Martin (and also Nick),
On Wed, 20 Jan 2016 10:25:53 +0100 Martin <[email protected]> wrote:
> We use ldap backend and we have our domain on external auth dns and this same
> domain also on local dns, because there are some records which are different
> for local and external and some records are only for local.
Split-horizon with PowerDNS is not possible; furthermore, it is highly
recommended not to have the authoritative server do the recursion. I would
recommend doing full split horizon as follows:
+---------+       +------+       +---------+
| Auth on | <---> | LDAP | <---> | Auth on |
|   ::1   |       +------+       | public  |
+---------+                      +---------+
     ^                                ^
     |                                |
     v                                v
+----------+                     (internet)
| Recursor | <--> (internal)
+----------+      (network )
The recursor should have `forward-zones=yourzone.com=[::1]:53`[1] configured.
This way, questions for yourzone.com will be passed from the recursor to
the local authoritative server. By using different binddn's and filters or
attributes, you could restrict the records seen by either Authoritative Server.
This way you can serve the internal records to the users of the recursor and
other records to the internet.
> According to documentation it should work, but it's not.
>
> From documentation
> [snip]
This discusses the fact that PowerDNS tries additional processing _with_ the
recursor component when it is enabled.
Hope this helps, best regards,
Pieter
1 - https://doc.powerdns.com/md/recursor/settings/#forward-zones
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
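
The layout described in the message above, written out as an added configuration sketch (not part of the original post and not PowerDNS project code). File names, addresses, DNs, secrets and the `description` marker attribute are constructed placeholders; it assumes an LDAP backend release that provides `ldap-filter-lookup`, and it uses the `local-address`/`local-ipv6` split (newer releases accept IPv6 addresses in `local-address`).

```ini
# --- pdns-internal.conf : authoritative server for internal clients ---
# Listens on loopback only, so it is reachable solely through the recursor.
launch=ldap
local-address=
local-ipv6=::1
local-port=53
ldap-host=ldap://ldap.internal.example:389/
ldap-basedn=ou=dns,dc=yourzone,dc=com
# Bind DN allowed (by LDAP ACLs) to read internal and shared records
ldap-binddn=cn=pdns-internal,ou=services,dc=yourzone,dc=com
ldap-secret=REPLACE_ME_INTERNAL

# --- pdns-public.conf : authoritative server facing the internet ---
launch=ldap
local-address=192.0.2.53
local-port=53
ldap-host=ldap://ldap.internal.example:389/
ldap-basedn=ou=dns,dc=yourzone,dc=com
# Separate bind DN; LDAP ACLs should deny it read access to internal entries
ldap-binddn=cn=pdns-public,ou=services,dc=yourzone,dc=com
ldap-secret=REPLACE_ME_PUBLIC
# Second layer: drop entries tagged as internal-only
# (hypothetical marker: description=internal-only on those entries)
ldap-filter-lookup=(&(:target:)(!(description=internal-only)))
ldap-filter-axfr=(&(:target:)(!(description=internal-only)))

# --- recursor.conf : resolver for the internal network ---
local-address=10.0.0.53
# Answer internal clients only
allow-from=10.0.0.0/8
# Send queries for the zone to the loopback authoritative server
forward-zones=yourzone.com=[::1]:53
```

Enforcing visibility with ACLs on the two bind DNs keeps internal records out of the public view even if a filter is later edited incorrectly; the filter alone depends on every internal entry being tagged.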