Sure, no problem. Here is what you need to set:

allow-recursion= [subnets you want to allow to recurse, I think they are comma separated but it may be by space]
lazy-recursion=yes
recursor=127.0.0.1:54

That should be it.

Oli

On Thu, Jun 7, 2012 at 10:48 AM, Odhiambo Washington <[email protected]> wrote:

> On Thu, Jun 7, 2012 at 12:36 PM, Oliver Kent <[email protected]> wrote:
>
>> I happen to disagree, since I know for a fact it is possible to run both
>> the authoritative server and recursor on the same IP address, I happen to
>> be doing that at the moment.
>>
>> Leave the authoritative server on port 53 and switch the recursor to port
>> 54 (or a random port not in use). Have the authoritative server forward
>> recursive queries to the recursor on your desired port (e.g. 127.0.0.1:54)
>> and perhaps set lazy recursion as well. That's it!
>>
>> Obviously, the problem with this method is that for each query that comes
>> in, the authoritative server will check for the domain first before passing
>> to the recursor, but that's where the cache comes in and I have never really
>> had a problem with it. I guess it depends on the amount of domains you have.
>>
>> I also object to the suggestion that it is a bad idea to run both servers
>> on the same host. If anything, it increases security as you can limit
>> queries to the recursor to localhost and in turn, limit recursive access to
>> the outside world on the authoritative server.
>>
>> Just my two cents!
>>
>
> Hi Oli,
>
> I intend to only allow my subnets to do recursion. I don't want to allow
> the whole planet to do that. They can rely on the authoritative server.
>
> Could you kindly supply me with a snippet of the options I need in
> pdns.conf so that it passes the queries to the recursor?
> I hope that allow-recursion=mysubnet/cidr will be used to control who is
> allowed to recurse.
>
> I can see recursor=192.168.40.252, but suppose recursor daemon is
> listening on port 54, how will I tell the authoritative daemon that?
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
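An added example, not part of the original thread and not PowerDNS code: a small check a defender could run over the authoritative server's pdns.conf to confirm that the setup discussed above does not leave recursion open to everyone. It uses the `allow-recursion` and `recursor` settings named in the thread, accepts comma- or space-separated netmasks, handles IPv4 `host:port` values only, and treats a missing `allow-recursion` as unrestricted (an assumption); the sample configurations are constructed.

```python
import ipaddress
import re

def parse_conf(text):
    """Parse key=value lines of a pdns.conf-style file, skipping # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_recursion(text):
    """Return findings about who may recurse through the authoritative server."""
    conf = parse_conf(text)
    findings = []
    if not conf.get("recursor"):
        return findings  # nothing is forwarded to a recursor
    host = conf["recursor"].rsplit(":", 1)[0]  # IPv4 "addr" or "addr:port"
    if not ipaddress.ip_address(host).is_loopback:
        findings.append(f"recursor {host} is not a loopback address")
    nets = [n for n in re.split(r"[,\s]+", conf.get("allow-recursion", "")) if n]
    if not nets:
        findings.append("allow-recursion not set: assumed unrestricted")
    for n in nets:
        net = ipaddress.ip_network(n, strict=False)
        if net.prefixlen == 0:
            findings.append(f"allow-recursion {n} matches every client")
        elif not (net.is_private or net.is_loopback):
            findings.append(f"allow-recursion {n} is public space; confirm it is yours")
    return findings

# Constructed sample configurations (not taken from the thread's real servers).
RESTRICTED = """
allow-recursion=192.168.40.0/24, 127.0.0.1   # own subnet only
lazy-recursion=yes
recursor=127.0.0.1:54
"""
UNRESTRICTED = "lazy-recursion=yes\nrecursor=127.0.0.1:54\n"
TOO_WIDE = "allow-recursion=0.0.0.0/0 10.0.0.0/8\nrecursor=192.168.40.252\n"

if __name__ == "__main__":
    for name, sample in [("restricted", RESTRICTED), ("unrestricted", UNRESTRICTED),
                         ("too wide", TOO_WIDE)]:
        print(name, "->", audit_recursion(sample) or "ok")
```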
