On 23/06/2020 19:47, Yves Goergen wrote:
> Okay, so I'll have to repeat all the domains from the auth server's
> database in a static config file? What's the use of the database then?

Well, if your authoritative server has a public IP address, then you can
just put NS records in the parent zone - the recursor will find your
authoritative nameserver(s) automatically with no additional
configuration. So will everyone else.

I just guessed that the reason you wanted to mix recursor and
authoritative roles is because you don't have delegation configured for
your local domains.

(FWIW, my home domain *does* permit external resolution, and my auth
server is reachable via IPv6)

> And then I still have two DNS servers: one that can resolve any public
> name, and another one that can resolve the names I host myself. The
> recursor is only accessible locally and the auth server is public.

That's correct.

> What should I use for the system's default DNS server?

The recursor. (Always).

> If I choose the first, I cannot resolve my own names locally.

Not true. Choose the recursor, and it will resolve both external names
and your local names. If your local names are delegated, no additional
configuration is required. If your local names are not delegated, then
it's one entry for each domain in the recursor.conf. That's all.

> PowerDNS auth server on port 53 and recursor internally forwarded to
> port 5300 worked fine with a single public IP address and port for
> queries from local and remote.

You can run auth on 53 and recursor on 5300, but then your clients will
need to be configured to use port 5300 for recursion and it's not always
possible to do that.

A better option is for your machine to have both a public IP and a
private IP, and to bind the auth server to the public one and the
recursor to the private one.

PowerDNS is a very lean and flexible DNS server that scales extremely
well. It's very lightweight and works well in a home network. But you
do have to run the separate roles, which has been best practice for
donkey's years anyway.

Regards,
Brian.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
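
An added illustration of the layout described in the reply above (not code from the thread or from the PowerDNS project): a small generator that turns a list of locally hosted zones into the recursor.conf lines for a recursor bound to a private address, with one `forward-zones` entry per non-delegated zone pointing at the auth server. The function names, addresses and zone names are constructed for the example; `local-address`, `allow-from` and `forward-zones` are the recursor settings it writes.

```python
import ipaddress

# Ranges this example accepts as "local only" listen addresses (assumption:
# RFC 1918, loopback and IPv6 ULA; adjust to your own addressing plan).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]


def is_local(addr):
    """True if addr falls inside one of the local-only ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def render_recursor_conf(zones, auth_addr, listen_addr, client_net):
    """Return recursor.conf text for a recursor running beside a public auth server.

    zones       -- names of the non-delegated zones hosted on the auth server
    auth_addr   -- address the auth server is bound to
    listen_addr -- private address the recursor should bind to
    client_net  -- network allowed to send recursive queries
    """
    # Refuse a layout that would expose the recursor on a non-local address.
    if not is_local(listen_addr):
        raise ValueError(f"recursor would listen on non-local address {listen_addr}")
    ipaddress.ip_address(auth_addr)    # raises ValueError if malformed
    ipaddress.ip_network(client_net)   # raises ValueError if malformed

    # Normalise: drop blanks and trailing dots, lowercase, de-duplicate.
    names = sorted({z.strip().rstrip(".").lower() for z in zones if z.strip()})
    forwards = ", ".join(f"{name}={auth_addr}" for name in names)
    return "\n".join([
        f"local-address={listen_addr}",
        f"allow-from={client_net}",
        f"forward-zones={forwards}",
    ])


if __name__ == "__main__":
    # Constructed sample input: two zones, one listed twice in different forms.
    sample = ["home.example", "Home.Example.", "lab.example"]
    print(render_recursor_conf(sample, "203.0.113.53", "10.0.0.53", "10.0.0.0/24"))
```

If the zones are delegated from the parent, the `forward-zones` line is unnecessary and only the bind address and `allow-from` matter.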