Hi Ian, Welcome aboard. I'm also new to PDNS and only an expert of few months :)
>From the info you provided everything seems to be good. Someone with higher >understanding will chime in if there's something wrong with it :) Assuming your Auth DNS servers are only serving private internal zones/domains, you can use the following setup to consolidate resources instead of having to run separate instances: https://doc.powerdns.com/authoritative/guides/recursion.html What I did was have 1 master and 2x slave (replication via mysql back-end) Auth servers. Master is only accessible via management IP and only used to configure DNS entries. Replication is also handled via management IP addresses for security and is setup as a one-way sync (master->slave). Only slaves are visible others in the organisation. Both slaves are configured with Auth DNS + Recursor as per the Scenario 1 of the above link. Hope this helps. Kind Regards, Asanka Gunasekara On 15/11/2018 6:29:58 AM, Ian Easter <ieas...@telvue.com> wrote: Howdy folks! As many before me, I have inherited a network infrastructure that is showing its age. First order is to update the self-hosted DNS servers. This is new territory for me, so I get the opportunity to learn as I progress in the endeavor. Right now it is 1 BIND Master and 2 BIND Slaves and they provide DNS for our local office as well as a remote Colo. They handle the Private Internal Zones we have as well as directing requests for public internet resolution. At least, I believe that to the best summary of how they're performing. I have a test environment setup currently and everything looks to be running smoothly. My question is geared toward verifying if I understood the overall functions correctly and have things configured as it should be (optimally). I have PDNS Recursor sitting as the front for all of the DNS requests so they may be resolved for public websites/access and I have the `forward-zones` option set to forward all requests to the Authoritative and Slave PDNS Servers for our private internal domains. So Recursor is getting all requests, private zone/domain requests are forwarded to the Authoritative server and all others are obtained externally. Is this the proper setup or is there a way that the Authoritative DNS Server would need to be configured to manage requests in this fashion? Thank you. _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users