Many thanks for your comprehensive replies. I have a number of paths to explore now and will head off to do some more careful testing.
If I need further advice I will make sure to include a better set of test results. I certainly have more confidence in getting to a solution that works for me, given the support of this forum.

Stan

On Fri, 2017-02-17 at 08:15 +0000, Brian Candler wrote:
> On 17/02/2017 06:45, stancs3 wrote:
> >
> > Reverse doesn't work in this config, so I figure on giving up on
> > recursor.
> What do you mean by "reverse doesn't work"? Can you give a specific
> example of what you did, what you saw, and what you expected to see?
>
> Reverse is just another domain (under in-addr.arpa), no different to
> any other.
>
> >
> > I can either use my router's recursor, or perhaps set up a
> > pdns-recursor on a different VM to keep it clean. Wouldn't that be
> > the same/better than the router's?
> Most routers' built-in DNS is pretty poor - little more than a
> caching forwarder to an upstream DNS (like dnsmasq), so having your
> own pdns-recursor is likely to be much better.
>
> If you want your authoritative DNS to be visible to the outside
> world for real delegation, then it needs to listen on port 53. If you
> want your recursive DNS to be usable by local clients, then it also
> needs to listen on port 53, since most clients can't be (easily)
> configured to send their DNS queries to a different port.
>
> So, to run both auth and recursive, you need to assign two IP
> addresses. Those can either be two different VMs (maximum
> separation), two different containers, or even two different IPs in
> the same machine, where the pdns-auth and pdns-recursor processes are
> configured to bind to (listen on) a different individual IP address.
>
> You could try fancy tricks with dns-dist in front, but personally
> I'd just go for the two VMs or two containers.
>
> Don't forget redundancy. For authoritative DNS you'll want another
> nameserver on a completely different backbone (see RFC2182). For
> client redundancy, two local recursors is what you want.
>
> HTH,
>
> Brian.
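The two-address layout described in the quoted reply, as an added configuration sketch that is not from either poster: the authoritative server and the recursor each bind port 53 on their own address, and the recursor forwards the local forward and reverse zones to the authoritative server. The addresses (10.0.0.2, 10.0.0.3), the subnet and the zone names are constructed for illustration.

```ini
# --- pdns.conf (authoritative server) ---
# Listen only on the address given to the authoritative role,
# not on every address of the machine.
local-address=10.0.0.2
local-port=53

# --- recursor.conf (pdns-recursor) ---
# Listen on the second address, also on port 53, so ordinary
# clients can use it without any special port configuration.
local-address=10.0.0.3
local-port=53

# Answer recursive queries only for the local network and loopback.
allow-from=10.0.0.0/24, 127.0.0.0/8

# Send queries for the local zone and for its reverse zone to the
# authoritative server. The reverse zone is just another domain
# under in-addr.arpa, so it is forwarded the same way.
forward-zones=home.example=10.0.0.2, 0.0.10.in-addr.arpa=10.0.0.2
```

Clients on the network point at 10.0.0.3 only; 10.0.0.2 is the address that would be published in NS records if the zone is delegated.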