(First of all: I'm not a PowerDNS-developer, so I might be wrong)
On 03/04/2010 10:01 AM, Liong Kok Foo wrote:
Hmm... I read the docs on recursion again (which I already read a few
times) and somehow this time I got it.
I added Google's DNS server 8.8.8.8 into the recursor and now external
recursion works.
There must be a reason why this is off by default. Potential security
issues?
Because it's easier to detect mistakes if you keep it separate.
It's just good practice to separate your recursor and authoritative
server, people should just learn to do that.
Performance might be another reason. Also you remove a dependency: what
if your recursor doesn't answer for something, then the authoritative
server doesn't answer quickly either (does it do CNAME lookups
recursively?).
What if something is wrong with your authoritative server? If you have
your authoritative server in your /etc/resolv.conf as your recursor,
you don't get any recursive queries resolved either.
If this method works, why is there a need for pdns's own recursor server?
1. Because people/companies don't want to depend on others (in your case
Google).
2. Because by some accounts, it's the fastest open source recursor
available. It's also pretty secure.
Thanks.
On 3/4/2010 4:38 PM, none wrote:
Basically it checks local data first before recursing to an external
nameserver, and you should turn this off. About turning lazy-recursion
off: it doesn't lower the amount of log entries, actually it doesn't have
any effect at all.
You can read the docs here http://doc.powerdns.com/recursion.html
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users