The recursor only ever talks to the authoritative ersolver in this scneario so the authoritative resolver needs further configuration to properly restrict who is being allowed to use it recursively. recursor.conf only affects the recursor itself. You need to set, in pdns.conf, allow-recursion to restrict appropriately.
Also, its usually not a good idea to have your recursors and authoritative nameservers on the same IPs, the authoritative should really just be serving authoritative data and never recursing. This helps prevent accidental (and malicious) cache poisoning of your authoritative nameserver. On Thu, Mar 29, 2012 at 2:27 PM, Miguel Miranda <miguel.miran...@gmail.com> wrote: > Hello to all, im migrating several of my dns server from bind to powerdns, i > was trying the recursor only and it restricted who can use my server to the > nets listed in allow-from-file, when i configure the authoritative and > recursor using the recursor= 127.0.0.1, everybody can use my server for > recursion, am i missing something or bypassing allow-from-file is the normal > operation in this scenario? > regards > > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > -- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
