Hi Tobi, Nico is completely right: it sounds like the wrong solution for your problem. If your provider has issues reaching that destination, then the solution would be to have your provider fix the reachability issue. Note that the second reason you mention (src address rate limiting) won’t be fixed by implementing this solution…
If you *do* want to solve it at the configuration layer: do you have a list of domains that should use the other resolver? If not, this is going to be more complex, as you’d need to first resolve the NS for the domain, then match that NS to set the backup resolver. Frank > On 20 May 2019, at 18:19, Nico CARTRON <nico...@ncartron.org > <mailto:nico...@ncartron.org>> wrote: > > While it's true that what Frank suggested is totally doable with dnsdist (and > actually one of its missions), it would be interesting though to understand > why > one of your recursors has issues to reach the authoritative server, and > another > recursor has no issue. > > A couple of questions: > - are they running the same Recursor version? > - are they on the same network / same site / faced by the same network > equipments, if any (e.g. firewall) / any ACL in place > - which OS are they running (if differences between the 2) > > Cheers,
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
