1) powerdns, authoritative: IP: 1.2.3.4, Port 53, Don’t allow recursion, authoritative reachable from world
2) powerdns-recursor: IP 1.2.3.5, Port 53, forward authoritative zones you need to 1.2.3.4, recursor only reachable from dedicated IPs

recursor.conf:
local-address=1.2.4.5
local-port=53
threads=2
forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
allow-from=1.2.3.0/25

> On 05.08.2018 at 17:40, Sergio Cesar <[email protected]> wrote:
>
> This is exactly how I have configured it now, but how do I allow my own
> servers on the public side Internet to query my own dns? I have 4 /25
> ipv4 segments for my customers via T1 and other means that I need to provide
> dns services.
>
> On 08/05/2018 10:30 AM, Nicola Tiling wrote:
>> Take powerdns-recursor - it’s simple, you don’t need dnsdist for an easy
>> setup
>>
>> 1) powerdns, authoritative: IP: 1.2.3.4, Port 53, Don’t allow recursion,
>> authoritative reachable from world
>> 2) powerdns-recursor: IP 192.168.0.1, Port 53, forward authoritative zones
>> you need to 1.2.3.4, recursor only reachable from internal or dedicated IPs
>>
>> recursor.conf:
>> local-address=192.168.0.1
>> local-port=53
>> threads=2
>> forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
>> allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
>>
>> forward-recurser.zones.cfg:
>> dom1.tld=1.2.3.4
>> dom2.tld=1.2.3.4
>> …
>>
>>> On 05.08.2018 at 17:07, Sergio Cesar <[email protected]> wrote:
>>>
>>> Thank you for the reply,
>>>
>>> My setup is very simple, found little help in configuring dnsdist that
>>> looks so complicated and one more thing to go wrong. Like killing a fly
>>> with a cannon.
>>>
>>> We have just one server ns1 replicating to a second ns2 via direct mysql
>>> replication.
>>>
>>> Perhaps you have a simple configuration example for all 3 pdns,
>>> pdns-recursor and dnsdist, I can use for a simple setup like mine. We do
>>> have ipv4 and ipv6 addresses for our servers.
>>>
>>> Thanks again.
>>>
>>> Sergio
>>>
>>> On 08/05/2018 08:37 AM, Aki Tuomi wrote:
>>>> On Sat, Aug 04, 2018 at 07:01:36PM -0500, Sergio Cesar wrote:
>>>>> Installed PDNS 4.1.3 on an Ubuntu 18.04.
>>>>>
>>>>> I have tried to follow
>>>>> https://doc.powerdns.com/authoritative/guides/recursion.html setting up
>>>>> scenario 1:
>>>>>
>>>>> Any address I enter in "allow-from" is able to query the server and
>>>>> recursion works ok, but no other query from the Internet is successful
>>>>> unless I add 0.0.0.0/0. Unfortunately this is not acceptable to have a
>>>>> fully open server to the Internet.
>>>>>
>>>>> In bind we have "allow-recursion" and a list of all the addresses the
>>>>> server will respond to and still respond to any query to domains it itself
>>>>> hosts.
>>>>>
>>>>> How can I configure pdns and pdns-recursor to respond to queries from
>>>>> anyone to the authoritative server but only recurse to the allowed list?
>>>>> without having an open dns on the Internet?
>>>>>
>>>>> Thanks.
>>>>>
>>>> You use dnsdist for this.
>>>>
>>>> Aki Tuomi
>>> _______________________________________________
>>> Pdns-users mailing list
>>> [email protected]
>>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
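
Added example, not part of the original message and not PowerDNS code: a small Python model of the split setup discussed in this thread, showing which queries the recursor would drop, forward to the authoritative server, or recurse, and flagging an allow-from that makes it an open resolver. It assumes allow-from holds plain comma-separated CIDRs; the helper names and the sample strings are constructed for illustration from the thread's placeholder values.

```python
import ipaddress

# Constructed samples using the thread's placeholder values.
RECURSOR_CONF = """\
local-address=1.2.3.5
local-port=53
forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
allow-from=1.2.3.0/25
"""
FORWARD_ZONES = "dom1.tld=1.2.3.4\ndom2.tld=1.2.3.4\n"

def parse_kv(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def allowed_networks(conf):
    """allow-from as a list of networks (plain comma-separated CIDRs assumed)."""
    items = [p.strip() for p in conf.get("allow-from", "").split(",")]
    return [ipaddress.ip_network(p, strict=False) for p in items if p]

def audit(conf):
    """Report allow-from entries that turn the recursor into an open resolver."""
    return [f"open resolver: allow-from contains {n}"
            for n in allowed_networks(conf) if n.prefixlen == 0]

def recursor_action(client, qname, conf, zones):
    """Model the recursor's decision for one query (hypothetical helper)."""
    addr = ipaddress.ip_address(client)
    if not any(addr in net for net in allowed_networks(conf)):
        return "drop"  # client is not covered by allow-from
    name = qname.lower().rstrip(".")
    for zone, target in zones.items():
        if name == zone or name.endswith("." + zone):
            return f"forward to {target}"  # hosted zone, ask the authoritative
    return "recurse"  # anything else is resolved from the Internet
```

Clients outside allow-from still get answers for dom1.tld and dom2.tld by querying the authoritative server at 1.2.3.4 directly, which is what keeps the recursor closed to the rest of the Internet.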
