On 23/06/2020 19:07, Yves Goergen via Pdns-users wrote:
> I have only one server and one IPv4 address, so using a multi-IP setup just isn't possible. With the decreased availability of IPv4 addresses, this isn't realistic either.

It's not a problem: your recursor can be behind NAT on a private IP address. Only your auth server needs to be accessible from the Internet - and even then, only if you want your domains to be resolvable externally (in which case, please also read RFC 2182 and set up at least one secondary on a remote network).


> So how is this supposed to work? Can I still use PowerDNS or will I have to find another solution that has the same features as PowerDNS 4.0.9?

dnsdist is overkill here.  For a small home network:

- stick your recursor(s) on a private IP

- stick your authoritative on a public IP (if required to be reachable from outside)

- on your recursor, configure any private non-delegated domains, i.e. those without NS records in the public DNS, to forward those queries to the authoritative server.

For example:

forward-zones-file=/etc/powerdns/forward.zones

and in that file you could put:

int.example.com=192.168.1.53
168.192.in-addr.arpa=192.168.1.53
10.in-addr.arpa=192.168.1.53
+.=9.9.9.9

The last line is optional: it says to forward all other queries upstream to 9.9.9.9 and to request recursion.  This is if you want to use an upstream filtered DNS service.  Remove it and your recursor will follow the DNS delegation tree as normal.

If you don't like this, you might want to use a different DNS server.  PowerDNS is designed for large ISP-scale applications where separation of recursor and authoritative roles is an absolute must.

HTH,

Brian.
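
The following is an added example, not part of the original message and not PowerDNS code: a small Python checker that parses a forward-zones file like the one above, shows which forwarder a query name would be sent to and whether recursion is requested, and lists forwarders outside private address space. It assumes most-specific-suffix matching, '#' comments, ',' or ';' between multiple forwarders, and bare IP addresses without a port; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the forward.zones content quoted in the message above.
SAMPLE = """\
int.example.com=192.168.1.53
168.192.in-addr.arpa=192.168.1.53
10.in-addr.arpa=192.168.1.53
+.=9.9.9.9
"""

def parse_forward_zones(text):
    """Return {zone: (recurse, [forwarder, ...])}; the root zone is keyed as ''."""
    zones = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # assumption: '#' starts a comment
        if not line:
            continue
        zone, sep, targets = line.partition("=")
        if not sep or not targets.strip():
            raise ValueError(f"line {lineno}: expected zone=address")
        recurse = zone.startswith("+")         # '+' means: forward with recursion requested
        zone = zone.lstrip("+").strip().lower().rstrip(".")
        # assumption: multiple forwarders are separated by ',' or ';'
        addrs = [a.strip() for a in targets.replace(";", ",").split(",") if a.strip()]
        for addr in addrs:
            ipaddress.ip_address(addr)         # raises ValueError unless a bare IP address
        zones[zone] = (recurse, addrs)
    return zones

def route(zones, qname):
    """Return (zone, recurse, forwarders) for the most specific match, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) + 1):           # longest suffix first, root last
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return (suffix or ".", *zones[suffix])
    return None                                # no forward: normal delegation walk

def external_forwarders(zones):
    """List (zone, address) pairs whose forwarder is not in private address space."""
    return sorted((zone or ".", addr)
                  for zone, (_, addrs) in zones.items()
                  for addr in addrs
                  if not ipaddress.ip_address(addr).is_private)

if __name__ == "__main__":
    z = parse_forward_zones(SAMPLE)
    for name in ("host.int.example.com", "1.1.168.192.in-addr.arpa", "www.powerdns.com"):
        print(name, "->", route(z, name))
    print("queries leave the network via:", external_forwarders(z))
```

Running it against the real file before reloading the recursor shows at a glance which names stay on the internal authoritative server and which are handed to an upstream resolver.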
