On 08/05/2021 16:14, Steven Garner wrote:
> If I want to provide authoritative dns for several hundred public
> domains, am I correct that (as of version 4.1.0), I need to install
> PowerDNS Recursor (v 4.5.X) and dnsdist (v 1.6.X) in addition to
> PowerDNS Authoritative Server (v 4.4.X), to allow for recursion? I'm
> following the migration plan scenario 2 under
> https://doc.powerdns.com/authoritative/guides/recursion.html.

Best practice (regardless of which DNS software you use) is to keep
authoritative and recursive DNS entirely separate: typically different
physical servers, or at least separate VMs, and certainly on different
IP addresses.

That dnsdist guide is if you have no choice but to frig it so that
recursive and auth DNS *must* be served from the same IP address. My
advice is: don't do it. Either change your clients to point to a
different recursor IP address, or renumber your authoritative DNS -
whichever is easier in your environment.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users