Is it possible to put the pdns-auth in front, so that every request for which we are not responsible gets forwarded to the pdns-recursor?
> On 08.01.2021 at 18:00, Kenneth Marshall via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> On Fri, Jan 08, 2021 at 04:47:29PM +0000, Ralph via Pdns-users wrote:
>> Hi Brian,
>>
>> Thank you for the fast response.
>> Exactly, recursor runs on port 53. Pdns-auth runs on the same ip with port
>> 5300.
>>
>> Is it even possible to add a port to the master ip on the slave?
>>
>> As I understood it correctly I require the recursor.
>> It isn’t possible to do recursion with the pdns-with, right?
>>
>>
>> BR
>> Chris
>
> Hi Chris,
>
> Here are our basic NAT iptables rules to handle this here:
>
> ######################################################################
> # Allow Rice hosts to access the recursive name server on port 53.
> # Pass non-Rice hosts to authoritative name server on port 553.
> ######################################################################
>
> *nat
> :DNS-ROUTE - [0:0]
>
> ## We will only affect in-coming traffic to port 53:
> -A PREROUTING -p udp --dport 53 -j DNS-ROUTE
> -A PREROUTING -p tcp --dport 53 -j DNS-ROUTE
>
> ## Let Rice hosts access the recursor (on port 53):
> -A DNS-ROUTE -s 128.42.0.0/16 -j ACCEPT
>
> ## Divert all others to the authoritative server on port 553:
> -A DNS-ROUTE -p udp -m udp -j DNAT --to-destination :553
> -A DNS-ROUTE -p tcp -m tcp -j DNAT --to-destination :553
>
> COMMIT
>
>
> Regards,
> Ken
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
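An added example, not part of the original messages and not PowerDNS code: a small offline evaluator for the quoted nat rules, for checking that only 128.42.0.0/16 reaches the recursor on port 53 while every other source is diverted to the authoritative server on 553. It models only the options these rules use (`-p`, `-s`, `--dport`, `-j`, `--to-destination`), each assumed to take exactly one value.

```python
import ipaddress
import shlex

# Constructed input: the rules quoted in the message above, comments dropped.
RULES = """\
*nat
:DNS-ROUTE - [0:0]
-A PREROUTING -p udp --dport 53 -j DNS-ROUTE
-A PREROUTING -p tcp --dport 53 -j DNS-ROUTE
-A DNS-ROUTE -s 128.42.0.0/16 -j ACCEPT
-A DNS-ROUTE -p udp -m udp -j DNAT --to-destination :553
-A DNS-ROUTE -p tcp -m tcp -j DNAT --to-destination :553
COMMIT
"""

def parse(text):
    """Return {chain: [option dict, ...]} built from the -A lines."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == "-A":
            # Every option in this ruleset is followed by exactly one value.
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def walk(chains, chain, src, proto, dport):
    """First match wins; None means the chain ended without a verdict."""
    for r in chains.get(chain, []):
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"]):
            continue
        if r["-j"] == "ACCEPT":   # leave the packet untouched
            return dport
        if r["-j"] == "DNAT":     # ":553" rewrites only the destination port
            return int(r["--to-destination"].rsplit(":", 1)[1])
        hit = walk(chains, r["-j"], src, proto, dport)  # jump to user chain
        if hit is not None:
            return hit
    return None

def final_port(src, proto, dport=53):
    """Port the packet is delivered to after PREROUTING (policy: unchanged)."""
    hit = walk(parse(RULES), "PREROUTING", src, proto, dport)
    return dport if hit is None else hit

if __name__ == "__main__":
    for src in ("128.42.1.10", "203.0.113.7"):  # constructed test sources
        print(src, {p: final_port(src, p) for p in ("udp", "tcp")})
```

Running the same check against a rule dump from the live host (for example the output of `iptables-save -t nat`) requires extending the parser to any additional match options present there.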