Hi,
A resolver by definition goes to the root servers to find answers to the 
queries received.
If you want to ask for an external CNAME, you need a recursor, but by using e.g. 
"allow-from=172.16.0.0/16" (this being your internal network), you close your 
recursor service to the external world. You could use it, but I'm not.

You say:
"We want a public DNS server, but resolve queries for existing database entries 
only. Seems not possible to configure."
For that having only an Authoritative Service is enough.

I am not very clear on what you are looking for... It seems you need an 
Authoritative for your domains (which can be queried by everyone) and also a 
recursor for internal use only.

Can you clarify this for me?

XD

Ale


From: Michael Hasenburger [mailto:michael.hasenbur...@marel.at]
Sent: Wednesday, 14 September 2016 11:34
To: Alejandro Adroher Mellado <alejandro.adro...@omniaccess.com>; 
pdns-users@mailman.powerdns.com
Subject: AW: Need a solution to use an resolver for external CNAME's

Hi Ale,

I also configured pdns-resolver with allow-from localhost, but it does resolve 
all requests from powerdns.
We want a public DNS server, but resolve queries for existing database entries 
only. Seems not possible to configure.

BR Mike


From: Alejandro Adroher Mellado [mailto:alejandro.adro...@omniaccess.com]
Sent: Wednesday, 14 September 2016 10:48
To: EDV-Techniker; 
pdns-users@mailman.powerdns.com
Subject: RE: Need a solution to use an resolver for external CNAME's

Hi Mike,

Use an ACL to close your resolver

allow-from=your internal allowed netmasks

Ale

From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of 
EDV-Techniker
Sent: Wednesday, 14 September 2016 10:08
To: pdns-users@mailman.powerdns.com
Subject: [Pdns-users] Need a solution to use an resolver for external CNAME's

Hi,

We want to use a nameserver for our domains only. It can be done without 
configuring a resolver. It works fine, but if we query e.g. an external CNAME 
whose A record doesn't exist in our database, then PowerDNS doesn't resolve it.

Using a resolver does solve this problem. But now the DNS server is open and 
frail for attacks.

Is there a solution to use a resolver to query existing database entries only?

BR Mike
MAREL IT solutions
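
Added example, not part of the original thread and not PowerDNS code: a Python sketch of how to judge, from a reply received by a client outside the allow-from range, whether the server still offers recursion to the world. The function names, verdict strings and sample replies are constructed for illustration; the check reads only the standard DNS header (RA flag and RCODE).

```python
import struct

REFUSED = 5

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for `name` with RD=1 (recursion desired), as a stub client sends."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an}

def classify(query, response):
    """Verdict on a reply to an external-name query sent from outside allow-from."""
    if response is None:              # no reply before the timeout: query was dropped
        return "closed"
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "invalid"
    if r["rcode"] == REFUSED:
        return "closed"
    if r["ra"]:                       # recursion available to an outside client
        return "open"
    return "authoritative-only"

def sample_response(query, flags, answers=0):
    """Constructed reply: echoes id and question, adds `answers` A records."""
    msg = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0) + query[12:]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return msg + rr * answers

if __name__ == "__main__":
    q = build_query("www.example.org")   # constructed external name
    for label, reply in [("recursor without ACL", sample_response(q, 0x8180, 1)),
                         ("recursor refusing", sample_response(q, 0x8105)),
                         ("authoritative only", sample_response(q, 0x8500, 1)),
                         ("dropped", None)]:
        print(f"{label:22} -> {classify(q, reply)}")
```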
