Hi,

I'm trying to set up a simple authoritative server that is also a recursive server for my network. The idea is that for my domain (let's say domain.com), I want the server to answer with the aa flag enabled, and for my IP ranges it should answer with the addresses in the database. Everything else should be sent to the recursive server.

So, I've set powerdns on localhost:5300, with MySQL backend and using nsedit to edit my domains. This is working (the full config is below). I've set powerdns-recursive on localhost:5301 to answer the recursive requests (full config also below). Last, I've set dnsdist to <myIP>:53. The idea is that DNS requests asking for <domain.com>, <myip4> and <myip6> should go to powerdns. Everything else should go to powerdns-recursor. Simple, I guess.

My problem is that I'm confused with the dnsdist config, so I would like to ask what I should add in there. So far, my config is the following:

setLocal('0.0.0.0:53')
addLocal('0::0:64')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access

newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:5301', pool='recursor'})

recursive_ips = newNMG()
recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones from allow-recursion in the Authoritative Server
recursive_ips:addMask('::0/0')

addAction({"<mydomain>."}, PoolAction("auth"))
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))

-- disable security status polling via DNS
setSecurityPollSuffix("")

This works, but only for the domain. Queries for my IP addresses are being sent to the recursor. If I replace the 'addAction({"<mydomain>."}, PoolAction("auth"))' with

addAction({"<mydomain>.", "<myip6range>", "myip4range"}, PoolAction("auth"))

nothing is sent to the authoritative server.

The right setup is probably simple, but I can't figure out what it should be. Could somebody give me a hand?

Thanks,
Roberto

PS: I'm using Ubuntu 20.04, pdns 4.2.1-1, installed via apt. dnsdist is version 1.4.0, also using apt.

My setup for pdns is:

api=yes
api-key=<some key>
include-dir=/etc/powerdns/pdns.d
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-dbname=powerdns
gmysql-password=<some password>
gmysql-dnssec=yes
local-address=127.0.0.1
local-ipv6=::1
local-port=5300
security-poll-suffix=
setgid=pdns
setuid=pdns
webserver=yes

My recursor.conf is:

allow-from=0.0.0.0/0 ::0/0
config-dir=/etc/powerdns
forward-zones=<mydomain>=127.0.0.1:5300
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d
local-address=127.0.0.1, ::1
local-port=5301
lua-config-file=/etc/powerdns/recursor.lua
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat
quiet=yes
security-poll-suffix=
setgid=pdns
setuid=pdns

_______________________________________________ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
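
An added example, not part of the original post: PTR queries arrive as names under in-addr.arpa or ip6.arpa, so a rule that selects queries by name needs reverse-zone names rather than address ranges. This Python sketch derives those names from CIDR prefixes and prints an addAction line in the form used in the post; the prefixes are constructed sample ranges, and `reverse_zones` and `dnsdist_rule` are hypothetical helper names.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the reverse-DNS zone names that together cover `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)
    # Reverse names carry one label per octet (IPv4) or per nibble (IPv6).
    step = 8 if net.version == 4 else 4
    total = net.max_prefixlen // step
    # Round the prefix up to the next label boundary: a /22 becomes four /24s.
    # Prefixes longer than /24 (IPv4) expand to one name per address.
    aligned = -(-net.prefixlen // step) * step
    keep = aligned // step
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        # reverse_pointer is the full PTR name, e.g. 0.2.0.192.in-addr.arpa
        labels = sub.network_address.reverse_pointer.split(".")
        # Drop the labels that belong to the host part of the address.
        zones.append(".".join(labels[total - keep:]) + ".")
    return zones


def dnsdist_rule(forward_zone, cidrs, pool="auth"):
    """Build an addAction line routing the zone and its reverse zones."""
    names = [forward_zone]
    for cidr in cidrs:
        names.extend(reverse_zones(cidr))
    quoted = ", ".join('"%s"' % name for name in names)
    return 'addAction({%s}, PoolAction("%s"))' % (quoted, pool)


if __name__ == "__main__":
    # Constructed sample values: a placeholder domain and sample prefixes.
    sample = ["192.0.2.0/24", "10.20.0.0/22", "2001:db8::/32"]
    for cidr in sample:
        print(cidr, "->", reverse_zones(cidr))
    print(dnsdist_rule("example.com.", sample))
```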