On 2017-05-04 4:05 AM, Julian Kippels wrote:
Hi,
I am using powerdns 3.4.11 with postgres authoritative backend and
recursor 3.7.4 as a slave to another DNS server. I have set up my main
domain and would like to delegate all traffic for a subdomain to yet a
different nameserver (Active Directory).
This is my domains table:
select * from domains;
 id |  name  |    master    | last_check | type  | notified_serial | account
----+--------+--------------+------------+-------+-----------------+---------
  1 | hhu.de | 134.99.128.2 | 1493888644 | SLAVE |                 |
This is the entry for the subdomain I want to delegate:
select * from records where name ~ '.*ad.hhu.de';
 id  | domain_id |          name          | type |        content         |  ttl  | prio | change_date | disabled | ordername | auth
-----+-----------+------------------------+------+------------------------+-------+------+-------------+----------+-----------+------
   6 |         1 | ad.hhu.de              | NS   | svr-hhu-dc-1.ad.hhu.de | 86400 |    0 |             | f        |           | t
   7 |         1 | ad.hhu.de              | NS   | svr-hhu-dc-2.ad.hhu.de | 86400 |    0 |             | f        |           | t
 313 |         1 | svr-hhu-dc-1.ad.hhu.de | A    | 134.99.108.150         | 86400 |    0 |             | f        |           | t
 314 |         1 | svr-hhu-dc-2.ad.hhu.de | A    | 134.99.108.151         | 86400 |    0 |             | f        |           | t
and
   1 |         1 | hhu.de                 | SOA  | sirene.rz.uni-duesseldorf.de. hostmaster.uni-duesseldorf.de. 2017042701 28800 14400 2592000 25200 | 86400 |    0 |             | f        |           | t
When I use dig to get a name from ad.hhu.de I get no answer:
dig @localhost ldaps.ad.hhu.de
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> @localhost ldaps.ad.hhu.de
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3914
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;ldaps.ad.hhu.de. IN A
;; AUTHORITY SECTION:
ad.hhu.de. 86400 IN NS svr-hhu-dc-2.ad.hhu.de.
ad.hhu.de. 86400 IN NS svr-hhu-dc-1.ad.hhu.de.
;; ADDITIONAL SECTION:
svr-hhu-dc-2.ad.hhu.de. 86400 IN A 134.99.108.151
svr-hhu-dc-1.ad.hhu.de. 86400 IN A 134.99.108.150
;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Do Mai 04 11:34:41 CEST 2017
;; MSG SIZE rcvd: 130
This configuration was imported from a BIND server which returns the correct
address.
My configuration looks like this:
pdns.conf:
setuid=pdns
setgid=pdns
launch=gpgsql
gpgsql-dbname=pdns
gpgsql-user=pdns
gpgsql-password=xxxx
recursor=127.0.0.1:5300
master=yes
slave=yes
allow-axfr-ips=134.99.128.2/32, 134.99.128.5/32, (....)
allow-recursion=134.99.0.0/16, 172.16.0.0/12, 192.168.254.0/24, 10.88.2.8/31, 10.82.0.0/16, 10.87.16.0/20, 80.153.104.53/32, 80.152.209.115/32
log-dns-details=yes
log-dns-queries=yes
loglevel=5
recursor.conf:
setuid=pdns-recursor
setgid=pdns-recursor
local-port=5300
I can't see why the delegation would fail. Any help would be appreciated.
This isn't a recommended configuration in the first place (and will
stop working in future versions) but probably because you aren't
allowing your loopbacks in your allow-recursion statement?
Thanks in advance
Julian
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
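To make the reply's point concrete, here is an added example (not code from the thread or from PowerDNS) that parses an allow-recursion value like the one in the pdns.conf above and checks which client addresses it admits; it assumes plain CIDR containment, and the "fixed" list is a constructed variant with 127.0.0.0/8 prepended.

```python
# Added example, not from the original thread: an offline checker that
# parses a PowerDNS-style "allow-recursion=" setting and decides whether a
# given client address falls inside it. It illustrates the reply above
# (the loopback is absent from the list); pdns' own ACL matching is
# assumed here to be plain CIDR containment.
import ipaddress

# Constructed copies of the two settings under discussion. The first mirrors
# the thread's pdns.conf; the second is the same list with 127.0.0.0/8 added
# (an assumption: the loopback range the reply says is missing).
ORIGINAL_ALLOW_RECURSION = (
    "134.99.0.0/16, 172.16.0.0/12, 192.168.254.0/24, 10.88.2.8/31, "
    "10.82.0.0/16, 10.87.16.0/20, 80.153.104.53/32, 80.152.209.115/32"
)
FIXED_ALLOW_RECURSION = "127.0.0.0/8, " + ORIGINAL_ALLOW_RECURSION


def parse_acl(setting):
    """Turn a comma-separated allow-recursion value into network objects.
    A bare address without a prefix length is treated as a single host."""
    nets = []
    for item in setting.split(","):
        item = item.strip()
        if not item:
            continue
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def recursion_allowed(client_ip, setting):
    """Return True when client_ip lies inside any network of the setting."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_acl(setting))


if __name__ == "__main__":
    # dig @localhost arrives from 127.0.0.1, which the original list omits,
    # so the authoritative server hands back only the referral (rd set, no ra).
    for label, acl in (("original", ORIGINAL_ALLOW_RECURSION),
                       ("fixed", FIXED_ALLOW_RECURSION)):
        print(label,
              "127.0.0.1 ->", recursion_allowed("127.0.0.1", acl),
              "134.99.108.150 ->", recursion_allowed("134.99.108.150", acl))
```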