Hello Peter, I have made what you said, but it doesn't work as I expected:
10.10.0.12 -> master pdns, authoritative zone example.com and its recursor for example.com
10.10.0.13 -> pdns-recursor installed, listening on port 53 with "forward-zones=example.com=10.10.0.12"

dig www.example.com @10.10.0.13

; <<>> DiG 9.9.5-9-Debian <<>> www.example.com @10.10.0.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      A

;; AUTHORITY SECTION:
example.com.            300     IN      SOA     ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300

;; Query time: 4 msec
;; SERVER: 10.10.0.13#53(10.10.0.13)
;; WHEN: Thu Jun 30 15:16:05 CEST 2016
;; MSG SIZE rcvd: 82

dig www.example.com @10.10.0.12

; <<>> DiG 9.9.5-9-Debian <<>> www.example.com @10.10.0.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.example.com.               IN      A

;; AUTHORITY SECTION:
example.com.            300     IN      SOA     ns1.example.com. sistemas.example.com. 2016063006 120 30 300 300

;; Query time: 2 msec
;; SERVER: 10.10.0.12#53(10.10.0.12)
;; WHEN: Thu Jun 30 15:16:58 CEST 2016
;; MSG SIZE rcvd: 93

And what I want is that, if there's no record for www.example.com in my pdns-server, it checks the record through the recursor (to check public DNS). Right now, with my LDAP backend I haven't got a record for www.example.com, and when asking for it, it goes through the recursor and 8.8.8.8:

dig www.example.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3202
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        80616   IN      A       131.30.16.5

;; Query time: 11 msec
;; SERVER: 10.10.0.4#53(10.10.0.4)
;; WHEN: Thu Jun 30 15:18:52 CEST 2016
;; MSG SIZE rcvd: 49

10.10.0.4 is my actual pdns-server 2.91. It's a very old installation, and I have checked that what it has are simple A records (there is no master-zone with its SOA record... I know, it's been configured like this for a lot of years). The next problem will be to migrate those records from LDAP into sqlite3... But I think I will script it. Any suggestions will be appreciated.

----- Original message -----
> From: "Peter van Dijk" <[email protected]>
> To: [email protected]
> Sent: Thursday, 30 June 2016 14:27:22
> Subject: Re: [Pdns-users] Recursor remote server when not in local
> master-zone
>
> Hello Rubén,
>
> On 29 Jun 2016, at 17:45, Rubén Gómez wrote:
>
> > But if I try to nslookup for a record that is in my "real public DNS"
> > but not in the local powerDNS, I get the "Host www.example.com not
> > found: 3(NXDOMAIN)". I have seen that allow-recursion-override is
> > deprecated, and I don't see how to implement the "fake master-zone" to
> > make what I need.
>
> First a side note: please do not use nslookup for debugging, it will lie
> to you. ‘dig’ is a good tool.
>
> As for your setup: we recommend pointing your users at your recursor,
> not your auth. Then in the recursor configure forward-zones to point
> just your own domains to the auth.
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
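What the two NXDOMAIN replies above look like on the wire, as an added example that is not code from the thread or from PowerDNS: a small DNS wire-format builder and parser. It constructs two responses whose header flags, section counts, SOA contents and byte sizes match the dig output for the auth (qr aa rd ra, 93 bytes) and for the recursor (qr rd ra, 82 bytes), parses them back, and classifies the negative answer. The point it makes explicit is why no "check public DNS" step happens: forward-zones=example.com=10.10.0.12 sends every query under example.com to the auth, and the auth's authoritative NXDOMAIN is relayed as-is, so 8.8.8.8 is never consulted for that name. The message bytes, query ids and the classify() wording are constructed for this example.

```python
"""Build and parse DNS NXDOMAIN responses modelled on the thread's dig output.

Constructed example: the auth reply (flags qr aa rd ra, SOA in AUTHORITY, OPT
in ADDITIONAL) and the recursor reply (flags qr rd ra, no OPT). Sizes come out
at 93 and 82 bytes, the same "MSG SIZE rcvd" values dig reported.
"""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPES = {1: "A", 6: "SOA", 41: "OPT"}


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_nxdomain_response(qid, qname, authoritative, with_opt):
    """NXDOMAIN response carrying the zone SOA (serial 2016063006 120 30 300 300).

    Offset 16 is where "example.com" starts inside the question name
    "www.example.com", so later names point there with a compression pointer.
    """
    flags = 0x8180 | 0x0003                 # qr, rd, ra set; rcode 3 = NXDOMAIN
    if authoritative:
        flags |= 0x0400                     # aa bit: the zone owner is answering
    arcount = 1 if with_opt else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 1, arcount)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)      # A, IN
    zone_ptr = struct.pack("!H", 0xC000 | 16)                     # -> example.com
    soa_rdata = (b"\x03ns1" + zone_ptr + b"\x08sistemas" + zone_ptr
                 + struct.pack("!IIIII", 2016063006, 120, 30, 300, 300))
    soa = zone_ptr + struct.pack("!HHIH", 6, 1, 300, len(soa_rdata)) + soa_rdata
    opt = b"\x00" + struct.pack("!HHIH", 41, 1680, 0, 0) if with_opt else b""
    return header + question + soa + opt


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:           # two-byte compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode())
        offset += length
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return header fields plus (name, type, ttl) per record in each section."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    sections = {"answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen               # skip rdata; only the RR shape matters here
            sections[section].append((name, TYPES.get(rtype, rtype), ttl))
    return {"id": qid, "status": RCODES.get(flags & 0xF, flags & 0xF),
            "aa": bool(flags & 0x0400), "question": questions, **sections}


def classify(parsed):
    """Say what a negative answer means in the forward-zones setup (constructed wording)."""
    if parsed["status"] != "NXDOMAIN":
        return "not a negative answer"
    soa = [rr for rr in parsed["authority"] if rr[1] == "SOA"]
    zone = soa[0][0] if soa else "unknown zone"
    if parsed["aa"]:
        return "authoritative NXDOMAIN from the owner of %s" % zone
    return "relayed NXDOMAIN for %s: the forwarded auth's answer is final" % zone


if __name__ == "__main__":
    auth = build_nxdomain_response(27319, "www.example.com", True, True)
    rec = build_nxdomain_response(14794, "www.example.com", False, False)
    for label, msg in (("10.10.0.12 auth", auth), ("10.10.0.13 recursor", rec)):
        p = parse_response(msg)
        print(label, len(msg), "bytes", p["status"], "aa" if p["aa"] else "", classify(p))
```

Running it prints the two replies side by side; the only difference between them is the aa bit and the OPT record, which is exactly what the two dig headers show.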
