Hello,

Where do you get the information from your dig answer that the server is not 
authoritative?

Best regards,
Markus


From: Pdns-users <pdns-users-boun...@mailman.powerdns.com> On Behalf Of 
frank+pdns--- via Pdns-users
Sent: Tuesday, 19 January 2021 10:21
To: Dedan Irungu <dedaniru...@gmail.com>
Cc: pdns-users-ml <pdns-users@mailman.powerdns.com>
Subject: Re: [Pdns-users] Powerdns server is not passing Authority parameter

Hi,

Could you share the configuration of the PDNS Auth server please?

Frank Louwers
Certified PowerDNS Consultant @ Kiwazo.be


On 19 Jan 2021, at 10:08, Dedan Irungu via Pdns-users 
<pdns-users@mailman.powerdns.com> wrote:

I have made the changes requested, as shown below. The server does not serve 
authoritative results.

    setLocal('85.10.203.183')
    setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access

    newServer({address='85.10.203.183:5300', pool='auth'})
    newServer({address='85.10.203.183:5301', pool='recursor'})

    recursive_ips = newNMG()
    recursive_ips:addMask('127.0.0.1/8') -- These network masks are the ones from allow-recursion in the Authoritative Server

    addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
    addAction(AllRule(), PoolAction('auth'))



I have tried to target powerdns directly via port 5300 but the result is the 
same. Any dig performed on port 5300 should be authoritative but in this case 
it is not.

    dig @85.10.203.183 gifsitebuilder.com A -p 5300




On Tue, Jan 19, 2021 at 11:51 AM Brian Candler 
<b.cand...@pobox.com> wrote:
On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote:

    recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones from allow-recursion in the Authoritative Server

    addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))

These two lines together say: "for incoming queries from *any* IP addresses: 
send them to the recursor".

Try changing the first one to something like:

    recursive_ips:addMask('192.168.0.0/16')   -- netblock containing your local clients

Then queries from 192.168.x.x will go to the recursor, whereas queries from any 
*other* addresses will go to the authoritative server.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
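
The rule ordering discussed in this thread, as an added example that is not part of the original messages and is not dnsdist code: a simplified Python model of the two `addAction` lines, showing which pool a client lands in for each netmask mentioned above. The function names and the sample client addresses are constructed for illustration; the model assumes rules are checked in order and the first matching `PoolAction` decides the pool.

```python
import ipaddress

# Simplified model of the dnsdist rules quoted in the thread (not dnsdist code):
#   addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
#   addAction(AllRule(), PoolAction('auth'))
# Rules are checked in order and the first matching PoolAction decides the pool.

def build_rules(recursive_masks):
    # strict=False accepts masks with host bits set, e.g. '127.0.0.1/8'.
    nmg = [ipaddress.ip_network(m, strict=False) for m in recursive_masks]
    return [(nmg, "recursor"), (None, "auth")]  # None stands for AllRule()

def select_pool(rules, client_ip):
    addr = ipaddress.ip_address(client_ip)
    for masks, pool in rules:
        if masks is None:
            return pool
        if any(n.version == addr.version and addr in n for n in masks):
            return pool
    return None

def recursor_open_to_all(recursive_masks):
    # A /0 mask sends every client of that address family to the recursor,
    # so the 'auth' rule behind it is never reached for them.
    return any(ipaddress.ip_network(m, strict=False).prefixlen == 0
               for m in recursive_masks)

def audit(recursive_masks, clients):
    rules = build_rules(recursive_masks)
    return {c: select_pool(rules, c) for c in clients}

# Constructed sample clients: loopback, a private LAN host, and an
# external host from the documentation range (RFC 5737).
CLIENTS = ["127.0.0.1", "192.168.1.20", "203.0.113.7"]

if __name__ == "__main__":
    for masks in (["0.0.0.0/0"], ["127.0.0.1/8"], ["192.168.0.0/16"]):
        print(masks, "open recursor:", recursor_open_to_all(masks))
        for client, pool in audit(masks, CLIENTS).items():
            print(f"  {client:<14} -> {pool}")
```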
