On Fri, Jan 08, 2021 at 04:47:29PM +0000, Ralph via Pdns-users wrote:
> Hi Brian,
>
> Thank you for the fast response.
> Exactly, recursor runs on port 53. Pdns-auth runs on the same ip with port
> 5300.
>
> Is this even possible to add a port to the master ip on the slave?
>
> As I understood it correctly I require the recursor.
> It isn’t possible to do recursion with the pdns-with, right?
>
>
> BR
> Chris

Hi Chris,

Here are our basic NAT iptables rules to handle this here:

######################################################################
# Allow Rice hosts to access the recursive name server on port 53.
# Pass non-Rice hosts to authoritative name server on port 553.
######################################################################
*nat
:DNS-ROUTE - [0:0]

## We will only affect in-coming traffic to port 53:
-A PREROUTING -p udp --dport 53 -j DNS-ROUTE
-A PREROUTING -p tcp --dport 53 -j DNS-ROUTE

## Let Rice hosts access the recursor (on port 53):
-A DNS-ROUTE -s 128.42.0.0/16 -j ACCEPT

## Divert all others to the authoritative server on port 553:
-A DNS-ROUTE -p udp -m udp -j DNAT --to-destination :553
-A DNS-ROUTE -p tcp -m tcp -j DNAT --to-destination :553

COMMIT

Regards,
Ken
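
The rule set above checked offline, as an added example that is not part of Ken's message: a small Python model of first-match chain traversal that reports which port a DNS query ends up on for a given source address. The function names and the sample client addresses are assumptions made for illustration, and the model covers only the match options these rules use (-s, -p, --dport).

```python
import ipaddress
import shlex

# The nat-table rules from Ken's message, copied as posted.
RULES = """\
-A PREROUTING -p udp --dport 53 -j DNS-ROUTE
-A PREROUTING -p tcp --dport 53 -j DNS-ROUTE
-A DNS-ROUTE -s 128.42.0.0/16 -j ACCEPT
-A DNS-ROUTE -p udp -m udp -j DNAT --to-destination :553
-A DNS-ROUTE -p tcp -m tcp -j DNAT --to-destination :553
"""
OPTS = {"-s": "src", "-p": "proto", "--dport": "dport", "-m": "module",
        "-j": "target", "--to-destination": "to"}

def parse(text):
    """Group '-A CHAIN ...' lines into {chain: [rule, ...]} in file order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        # Every option used here takes one value, so read flag/value pairs.
        rule = {OPTS[f]: v for f, v in zip(tok[2::2], tok[3::2]) if f in OPTS}
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, src, proto, dport):
    """True when every match option present in the rule fits the packet."""
    if "proto" in rule and rule["proto"] != proto:
        return False
    if "dport" in rule and int(rule["dport"]) != dport:
        return False
    if "src" in rule:
        return ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
    return True

def walk(chains, chain, src, proto, dport):
    """First matching terminal rule wins; None means the chain fell through."""
    for rule in chains.get(chain, []):
        if not matches(rule, src, proto, dport):
            continue
        target = rule.get("target")
        if target == "ACCEPT":
            return dport                      # left untouched: recursor
        if target == "DNAT":
            return int(rule["to"].rsplit(":", 1)[1])
        if target in chains:                  # jump into a user-defined chain
            verdict = walk(chains, target, src, proto, dport)
            if verdict is not None:
                return verdict
    return None

def final_port(src, proto, dport=53):
    """Destination port a packet carries after the nat PREROUTING chain."""
    verdict = walk(parse(RULES), "PREROUTING", src, proto, dport)
    return dport if verdict is None else verdict
```

Running such a model against a list of expected-internal and expected-external addresses before loading a changed rule set shows whether any outside source would still reach the recursor on port 53.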