On 4/6/22 11:18, Brian Candler wrote:
> If I understand that right: you have dnsdist and auth running on the
> local server, and recursor is on a remote server?
> If your requirements are simple, for basic DNS querying you may not
> need dnsdist at all. Just run the recursor on port 53, and use
> forward-zones / forward-zones-recurse as you do today. Looking at your
> config though, maybe it's to do with AXFR/IXFR requirements though.
>> Any idea? I can definitely make TCPDumps at some point but I'm not
>> sure I'll be able to understand them ;-)
> If the above statement is true, you'll need two simultaneously, in
> separate windows:
> tcpdump -i lo -nn -s0 -v port 53 or port 5353
> tcpdump -i eth0 -nn -s0 -v port 53
> It should decode the packets for you, so it should be clear. (Except
> port 5353. New versions of tcpdump have "-T domain" to force decoding
> as DNS, but you'll need a very recent version; Ubuntu 20.04 is not new
> enough)
> The tcpdumps will show:
> - queries from dig to dnsdist (53) and dnsdist to auth (5353)
> - queries from dnsdist to recursor
No, I actually have three identical servers sharing a MySQL cluster used
as the PowerDNS backend for authoritative zones.
I need some recursion / logging facilities so I added on top of them
(same machine) pdns-recursor or dnsdist. I first went for recursor but
ended up thinking dnsdist was more flexible (especially on filtering
updates / axfr, you're right).
That's why I basically have both of them available on each server and
can very easily switch between them for testing purposes.
I'll check the tcpdump thingy, it should be a trivial task to backport
Debian's version to stable.
Adam.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users