Re: [Pdns-users] Recursor / pdns installation help
> Hello Patrick,
>
> Each of my dns servers runs pdns and each has a slave copy of the master pdns mysql database, and in turn each server looks up the dns locally via mysql. This has been working great for 2 years. The problem is that each server is running pdns, which has a DOS vulnerability, which is why I am upgrading to implement recursor.
>
> n...@mydomain.com http://mydomain.com - on server 1
> n...@mydomain.com http://mydomain.com - on server 2
> n...@mydomain.com http://mydomain.com - on server 3
> n...@mydomain.com mailto:n...@mydomain.com - on server 4

Sounds like you are trying to solve this problem the wrong way.

A recursor cannot act as an authoritative server for a domain; when serving domains, you need an authoritative server like pdns (for example: bind may combine the 2 functions into one server, but it can also by default not be authoritative for domains it does not have the data for).

If you are worried about mysql being too slow to handle a DOS attack, you should eliminate the database on (some of) the public servers:

1. you should use something like the bind-zone file backend (files on disk, instead of database) on those servers, that should be the fastest
2. those servers would be slave servers, the server with the database is the master server

I thought I could recommend superslave operation, where new domains are automatically recognised and added, but it seems like that is not supported on the file backend.

Bert: it looks like the option exists in the code, but it is not in the documentation on http://doc.powerdns.com/ ?:

supermaster-config: Location of (part of) named.conf where pdns can write zone-statements to
supermasters: List of IP-addresses of supermasters
supermaster-destdir: Destination directory for newly added slave zones

PS with superslaves, domains are not deleted, you should create a script for that.

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
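The PS in the message above says slave zones added through superslave operation are never deleted and need a cleanup script. The detection half of such a script, added here as an example (not code from the thread or from PowerDNS): it assumes the supermaster-config fragment holds BIND-style zone statements and that the list of zones still on the master is obtained separately; all function names and sample data are constructed.

```python
import re

# Quoted strings are matched first so "#" or "//" inside a file path survives.
_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)
_ZONE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{', re.I)

def _norm(name):
    """Compare zone names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_zones(conf_text):
    """Return {zone name: statement body} for each zone statement found."""
    text = _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", conf_text)
    zones = {}
    for m in _ZONE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError("unterminated zone statement: " + m.group(1))
        zones[_norm(m.group(1))] = text[m.end():i - 1]
    return zones

def stale_slave_zones(conf_text, master_zones):
    """List (zone, zone file) for slave zones the master no longer carries."""
    wanted = {_norm(z) for z in master_zones}
    stale = []
    for name, body in parse_zones(conf_text).items():
        if name in wanted or not re.search(r"\btype\s+slave\b", body, re.I):
            continue
        zfile = re.search(r'\bfile\s+"([^"]+)"', body, re.I)
        stale.append((name, zfile.group(1) if zfile else None))
    return sorted(stale, key=lambda pair: pair[0])

# Constructed sample: what a supermaster-config fragment is assumed to hold.
SAMPLE_CONF = '''
zone "example.com" { type slave; file "/var/lib/pdns/example.com"; masters { 192.0.2.1; }; };
zone "Old-Customer.example." {
    type slave;
    file "/var/lib/pdns/old-customer.example";
    masters { 192.0.2.1; };   # removed on the master, still configured here
};
// zone "commented.example" { type slave; file "x"; masters { 192.0.2.1; }; };
zone "local.example" { type master; file "/etc/pdns/local.example"; };
'''
# Constructed sample: zones currently on the master (e.g. from its database).
MASTER_ZONES = ["Example.COM."]

if __name__ == "__main__":
    for zone, zfile in stale_slave_zones(SAMPLE_CONF, MASTER_ZONES):
        print(f"stale slave zone {zone}: remove its statement and {zfile}")
```

The script only reports candidates; removing the zone statement and the zone file, and reloading the server, is left to the operator.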
Re: [Pdns-users] Internal PowerDNS Install?
- Original message -

> In BIND this would be setting up different views, but I haven't seen that available in PowerDNS yet. Anyone have comments on whether or not this is coming or just not in the roadmap?

this is as easy as configuring an additional instance

cp /etc/init.d/pdns /etc/init.d/pdns-interal

and configuring that additional instance on another ethernet device. that's what bind does internally, listening on a specific address to serve a specific zone.

I found pdns way better to maintain and scale.

regards,
muzzol
Re: [Pdns-users] Internal PowerDNS Install?
On Wed, Dec 22, 2010 at 04:30:01PM -0700, IFM Lists wrote:
> This may be more of a general DNS question, if so forgive me. I'm somewhat a DNS in many ways. (Software engineer, sysadmin when my arm is twisted.)
>
> I've been using PDNS for providing DNS services for publicly-available names for a couple years now. Flawless and Easy.
>
> I wish to set up a PDNS server in-house to serve additional names. For example:
>
> www.mydomain.com - current external PDNS instance
> mail.mydomain.com - current external PDNS instance
> foo.mydomain.com - available in-house only
> bar.mydomain.com - available in-house only
>
> What would be even better is if internally it could resolve the internal IP of www and mail rather than going through the external firewall.
>
> Is this doable? What is this called, so I can re-read the relevant part of the docs?
>
> Thanks

The two usual ways to implement this are to run multiple instances of PDNS, one serving the external and the second serving the internal, or to use the pipe backend to serve the internal zones to internal IPs.

Cheers,
Ken
[Pdns-users] two addresses in the recursor= field (v4 and v6 address)
Hi list,

Just wanted to let you know I was trying to set up the ipv6 recursor (2.9.21.2-1) in the following way:

recursor=127.0.0.1:5353,[::1]:5353

This yields the following message when restarting (note the extra :53), local-port has been set:

Dec 23 21:17:09 ns0 pdns[26915]: DNS Proxy launched, local port 59127, remote 127.0.0.1:5353,[::1]:5353:53

Later on I noticed that the recursor for v6 works fine over v4 and the secondary v6 address entry wasn't needed at all. I couldn't find much information about this in the documentation, to be honest (whether it was allowed to have two recursor addresses or not). Maybe it's worth mentioning this in the manual?

--
Wouter Prins
w...@null0.nl