Sorry:

> local-address=1.2.4.5

should be:

local-address=1.2.3.5

With dnsdist you save one official IP address, have great statistics and are more secure because you can manage DoS attacks. But you have one more service to manage, as described in "Scenario 2": https://doc.powerdns.com/authoritative/guides/recursion.html?highlight=recursion

> On 05.08.2018 at 17:49, Nicola Tiling <[email protected]> wrote:
>
> 1) powerdns, authoritative: IP: 1.2.3.4, Port 53, don't allow recursion,
> authoritative reachable from world
> 2) powerdns-recursor: IP 1.2.3.5, Port 53, forward authoritative zones you
> need to 1.2.3.4, recursor only reachable from dedicated IPs
>
> recursor.conf:
> local-address=1.2.4.5
> local-port=53
> threads=2
> forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
> allow-from=1.2.3.0/25
>
>> On 05.08.2018 at 17:40, Sergio Cesar <[email protected]> wrote:
>>
>> This is exactly how I have configured it now, but how do I allow my own
>> servers on the public side of the Internet to query my own DNS? I have 4 /25
>> IPv4 segments for my customers via T1 and other means that I need to provide
>> DNS services to.
>>
>> On 08/05/2018 10:30 AM, Nicola Tiling wrote:
>>> Take powerdns-recursor - it's simple, you don't need dnsdist for an easy
>>> setup
>>>
>>> 1) powerdns, authoritative: IP: 1.2.3.4, Port 53, don't allow recursion,
>>> authoritative reachable from world
>>> 2) powerdns-recursor: IP 192.168.0.1, Port 53, forward authoritative zones
>>> you need to 1.2.3.4, recursor only reachable from internal or dedicated IPs
>>>
>>> recursor.conf:
>>> local-address=192.168.0.1
>>> local-port=53
>>> threads=2
>>> forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
>>> allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16,
>>> 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
>>>
>>> forward-recurser.zones.cfg:
>>> dom1.tld=1.2.3.4
>>> dom2.tld=1.2.3.4
>>> …
>>>
>>>> On 05.08.2018 at 17:07, Sergio Cesar <[email protected]> wrote:
>>>>
>>>> Thank you for the reply,
>>>>
>>>> My setup is very simple; I found little help in configuring dnsdist, which
>>>> looks so complicated and is one more thing to go wrong. Like killing a fly
>>>> with a cannon.
>>>>
>>>> We have just one server ns1 replicating to a second ns2 via direct MySQL
>>>> replication.
>>>>
>>>> Perhaps you have a simple configuration example for all 3 (pdns,
>>>> pdns-recursor and dnsdist) that I can use for a simple setup like mine. We do
>>>> have IPv4 and IPv6 addresses for our servers.
>>>>
>>>> Thanks again.
>>>>
>>>> Sergio
>>>>
>>>> On 08/05/2018 08:37 AM, Aki Tuomi wrote:
>>>>> On Sat, Aug 04, 2018 at 07:01:36PM -0500, Sergio Cesar wrote:
>>>>>> Installed PDNS 4.1.3 on an Ubuntu 18.04.
>>>>>>
>>>>>> I have tried to follow
>>>>>> https://doc.powerdns.com/authoritative/guides/recursion.html setting up
>>>>>> scenario 1:
>>>>>>
>>>>>> Any address I enter in "allow-from" is able to query the server and
>>>>>> recursion works ok, but no other query from the Internet is successful
>>>>>> unless I add 0.0.0.0/0; unfortunately it is not acceptable to have a
>>>>>> fully open server on the Internet.
>>>>>>
>>>>>> In BIND we have "allow-recursion" with a list of all the addresses the
>>>>>> server will recurse for, and it still responds to any query for domains it
>>>>>> hosts itself.
>>>>>>
>>>>>> How can I configure pdns and pdns-recursor to respond to queries from
>>>>>> anyone to the authoritative server but only recurse for the allowed list,
>>>>>> without having an open DNS on the Internet?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>> You use dnsdist for this.
>>>>>
>>>>> Aki Tuomi
>>>> _______________________________________________
>>>> Pdns-users mailing list
>>>> [email protected]
>>>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
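The thread settles on two daemons: the authoritative server at 1.2.3.4 answers anyone without recursing, and the recursor at 1.2.3.5 only answers clients in allow-from, forwarding the operator's own zones to 1.2.3.4 and recursing for everything else. The Python below is an added example (not code from the thread or from PowerDNS) that models that recursor-side decision so a configuration can be checked before it goes live: it parses a recursor.conf and forward-zones file in the thread's format, says what the recursor would do with a query from a given client, and flags the two problems raised in the thread, an allow-from of 0.0.0.0/0 (an open resolver) and customer prefixes that the allow-from list does not cover. The config text, the customer /25s and the client addresses are constructed sample values; the decision logic is a model of the design as described, not the recursor's own implementation.

```python
"""Model of the split authoritative/recursor design from the thread (added example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed: the recursor.conf from the thread, with the corrected local-address.
RECURSOR_CONF = """\
local-address=1.2.3.5
local-port=53
threads=2
forward-zones-file=/etc/pdns/forward-recurser.zones.cfg
allow-from=1.2.3.0/25
"""

# Constructed: the forward-zones file from the thread (own zones -> authoritative).
FORWARD_ZONES = """\
dom1.tld=1.2.3.4
dom2.tld=1.2.3.4
"""


def parse_recursor_conf(text: str) -> Dict[str, str]:
    """Parse key=value lines into a dict; blank lines and # comments are ignored."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def parse_allow_from(value: str) -> List[Network]:
    """allow-from is a comma-separated list of networks, as written in the thread."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def parse_forward_zones(text: str) -> Dict[str, str]:
    """zone=server lines -> {zone: server}; zone names lower-cased, trailing dot dropped."""
    zones: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        zone, _, server = line.partition("=")
        zones[zone.strip().lower().rstrip(".")] = server.strip()
    return zones


def forward_target(qname: str, zones: Dict[str, str]) -> Optional[str]:
    """Longest-suffix match: the name itself or any parent domain listed as a forward zone."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return None


def recursor_decision(client_ip: str, qname: str,
                      allow_from: List[Network], zones: Dict[str, str]) -> str:
    """What the recursor does with one query under the thread's design:
    clients outside allow-from are refused (they must ask the authoritative
    server at 1.2.3.4 directly), names under a forwarded zone are sent to
    that zone's server, and everything else is resolved recursively."""
    client = ipaddress.ip_address(client_ip)
    if not any(client.version == net.version and client in net for net in allow_from):
        return "refused"
    target = forward_target(qname, zones)
    if target is not None:
        return f"forward to {target}"
    return "recurse"


def check_allow_from(allow_from: List[Network],
                     customer_prefixes: List[str]) -> Tuple[bool, List[str]]:
    """Return (is_open_resolver, customer prefixes not covered by allow-from).

    A /0 entry is the 0.0.0.0/0 mistake from the first mail; the coverage
    list answers the follow-up question: each customer segment that should
    get recursion must be inside some allow-from network."""
    is_open = any(net.prefixlen == 0 for net in allow_from)
    missing = []
    for prefix in customer_prefixes:
        net = ipaddress.ip_network(prefix, strict=False)
        if not any(net.version == a.version and net.subnet_of(a) for a in allow_from):
            missing.append(prefix)
    return is_open, missing


def load_thread_config() -> Tuple[List[Network], Dict[str, str]]:
    """Parse the constructed recursor.conf and forward-zones file above."""
    conf = parse_recursor_conf(RECURSOR_CONF)
    return parse_allow_from(conf["allow-from"]), parse_forward_zones(FORWARD_ZONES)


if __name__ == "__main__":
    allow, zones = load_thread_config()
    # Constructed clients: one inside 1.2.3.0/25, one elsewhere on the Internet.
    for client, name in [("1.2.3.77", "www.dom1.tld"), ("1.2.3.77", "example.org"),
                         ("203.0.113.9", "example.org"), ("203.0.113.9", "www.dom1.tld")]:
        print(f"{client:>12} {name:<14} -> {recursor_decision(client, name, allow, zones)}")
    # Constructed: four customer /25s that should be allowed to recurse.
    customers = ["1.2.3.0/25", "1.2.3.128/25", "1.2.4.0/25", "1.2.4.128/25"]
    print("open resolver / uncovered customers:", check_allow_from(allow, customers))
```

Run against the thread's single allow-from=1.2.3.0/25, the coverage check reports three of the four constructed customer segments as uncovered, which is the point of the follow-up question: the fix is to list each customer prefix in allow-from (or a covering aggregate), not to widen it to 0.0.0.0/0. Queries from outside allow-from for the operator's own domains are refused by the recursor by design, because those clients are expected to reach the authoritative server directly.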
