Hi,

Could you share the configuration of the PDNS Auth server please?

Frank Louwers
Certified PowerDNS Consultant @ Kiwazo.be <http://kiwazo.be/>

> On 19 Jan 2021, at 10:08, Dedan Irungu via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
> 
> I have made the changes requested, as shown below. The server does not serve 
> authoritative results.
> 
>     setLocal('85.10.203.183')
>     setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
> 
>     newServer({address='85.10.203.183:5300', pool='auth'})
>     newServer({address='85.10.203.183:5301', pool='recursor'})
> 
>     recursive_ips = newNMG()
>     recursive_ips:addMask('127.0.0.1/8') -- These network masks are the ones from allow-recursion in the Authoritative Server
> 
>     addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
>     addAction(AllRule(), PoolAction('auth'))
> 
> 
> 
> I have tried to target powerdns directly via port 5300 but the result is the 
> same. Any dig performed on port 5300 should be authoritative but in this case 
> it is not.
> 
>     dig @85.10.203.183 gifsitebuilder.com A -p 5300
> 
> 
> 
> 
> On Tue, Jan 19, 2021 at 11:51 AM Brian Candler <b.cand...@pobox.com> wrote:
> On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote:
>>      recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones from allow-recursion in the Authoritative Server
>> 
>>      addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
> These two lines together say: "for incoming queries from *any* IP addresses: 
> send them to the recursor".
> 
> Try changing the first one to something like:
> 
>     recursive_ips:addMask('192.168.0.0/16')   -- netblock containing your local clients
> 
> Then queries from 192.168.x.x will go to the recursor, whereas queries from 
> any *other* addresses will go to the authoritative server.
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
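
The routing behaviour discussed in the quoted messages can be checked offline with a small model. This is an added example, not part of the thread and not dnsdist code: it assumes each `addAction(..., PoolAction(...))` rule is evaluated in order and the first match decides the pool, and the client addresses are constructed (203.0.113.7 and 2001:db8::1 are documentation addresses standing in for outside clients).

```python
import ipaddress

# Each rule is (netmasks, pool), listed in the order the addAction() calls appear.
ANY = ("0.0.0.0/0", "::/0")                      # stands in for AllRule()
ORIGINAL = [(("0.0.0.0/0",), "recursor"), (ANY, "auth")]
LOOPBACK = [(("127.0.0.1/8",), "recursor"), (ANY, "auth")]
LAN_ONLY = [(("192.168.0.0/16",), "recursor"), (ANY, "auth")]


def route(rules, src):
    """Return the pool picked by the first rule whose netmasks contain src."""
    addr = ipaddress.ip_address(src)
    for masks, pool in rules:
        for mask in masks:
            # strict=False accepts masks with host bits set, e.g. 127.0.0.1/8
            net = ipaddress.ip_network(mask, strict=False)
            if net.version == addr.version and addr in net:
                return pool
    return None


def recursion_exposed(rules, outside=("203.0.113.7", "2001:db8::1")):
    """True if any constructed outside client would reach the recursor pool."""
    return any(route(rules, src) == "recursor" for src in outside)


def report(rules, clients):
    """Map each client address to the pool it would be sent to."""
    return {src: route(rules, src) for src in clients}


if __name__ == "__main__":
    clients = ["127.0.0.1", "192.168.1.10", "203.0.113.7", "2001:db8::1"]
    for name, rules in (("original", ORIGINAL), ("loopback", LOOPBACK),
                        ("lan-only", LAN_ONLY)):
        print(name, report(rules, clients), "exposed:", recursion_exposed(rules))
```

Under this model the 0.0.0.0/0 mask sends every IPv4 client to the recursor, so the catch-all `auth` rule is only ever reached by IPv6 clients.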



