Hi Eli,

To keep it simple, you could implement the solution outside the DNS server by generating the different zones from a unified source that contains both pieces of information about each RR.

Winfried

On 3 August 2022 01:43:38 CEST, eli glynn via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>I've recently inherited a really ugly mess at my company, involving a
>muddle of PowerDNS, Route53, NS1, and just about every mixed up interaction
>you could imagine between them all.
>
>The biggest part of the jumble is the way PowerDNS was used as a poor man's
>split horizon - we have a large number of records which point at internal
>(e.g. 10.x) ranges, with duplicate entries in Route53 AND/OR NS1 (don't
>ask) usually pointing at routable IPs. There's a lot of badness beyond
>just that, but the majority of my pain is from that basic situation.
>
>Because the client systems are pointed at PDNS, and it considers itself
>authoritative, we're forced to duplicate ALL external records (overridden
>or not) within PDNS, or NXDOMAINs result. This of course leads to two (or
>sometimes three) sources of truth for all RRs, and historically the needed
>due diligence has not been performed to keep them in sync.
>
>Long story short, in order to clean up the mess, I'm hoping to implement an
>"overlay" in PowerDNS, whereby PDNS only contains the RRs which it needs to
>override. If a record would normally be identical to the external value
>(Route53 or NS1) then rather than duplicating it, I'd like PowerDNS to fail
>through and do a recursive lookup externally, returning that value to the
>client. So basically, if an NXDOMAIN or NODATA would be returned for a
>zone PDNS considers itself authoritative for, it instead recurses and emits
>whatever comes back from there.
>
>It seems this should be doable using a `postresolve()` hook, or even better
>`nxdomain()` combined with `nodata()` to minimize Lua roundtrips. But I'm
>having a heckuva time implementing the recursion part. I can't find any
>canned tooling within Lua to do something theoretically simple (e.g. what
>in Python you'd do with
>`import socket ; return socket.gethostbyname("blah")`).
>I've also considered writing a custom
>backend but would prefer to keep things simple if at all possible
>
>I know this is an unusual use-case (though I can see where such an
>"overlay" could be very useful in a number of scenarios).
>
>Any feedback would be appreciated - suggestions, alternate approaches, or
>even a flat "you can't do that in PowerDNS" if such is the case - it will
>save me a lot of cycles if so :)
>
>Thanks all!
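The approach suggested in the reply above, as an added example (not code from the thread or from PowerDNS): one unified record list generates both the public and the internal zone, and the build fails if an RFC 1918 address would end up in the public zone. The record layout, field names, function names and sample values are constructed assumptions.

```python
import ipaddress

# Constructed sample: one entry per RR; "internal" is set only where the
# internal view must override the public answer.
UNIFIED = [
    {"name": "www", "type": "A", "ttl": 300, "public": "203.0.113.10", "internal": "10.1.2.10"},
    {"name": "api", "type": "A", "ttl": 300, "public": "203.0.113.20"},
    {"name": "mail", "type": "CNAME", "ttl": 3600, "public": "mx.example.net."},
    {"name": "build", "type": "A", "ttl": 300, "internal": "10.1.9.5"},  # internal-only
]

# RFC 1918 ranges listed explicitly: ipaddress's is_private would also flag
# the documentation range 203.0.113.0/24 used in the sample above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(rtype, value):
    """True if an A record value lies in an RFC 1918 range."""
    return rtype == "A" and any(ipaddress.ip_address(value) in net for net in RFC1918)


def build_views(records):
    """Return (external, internal) lists of (name, ttl, type, value) tuples."""
    external, internal = [], []
    for r in records:
        pub, override = r.get("public"), r.get("internal")
        if pub is None and override is None:
            raise ValueError(f"{r['name']}: no value in either view")
        if pub is not None:
            if is_internal(r["type"], pub):
                raise ValueError(f"{r['name']}: internal address {pub} in public view")
            external.append((r["name"], r["ttl"], r["type"], pub))
        # Internal view: the override wins, otherwise the public value is
        # reused, so internal clients never get NXDOMAIN for a public name.
        internal.append((r["name"], r["ttl"], r["type"], pub if override is None else override))
    return external, internal


def render(origin, rrs):
    """Render record lines under $ORIGIN; SOA and NS are assumed to come from a separate header."""
    body = [f"{n}\t{ttl}\tIN\t{t}\t{v}" for n, ttl, t, v in rrs]
    return "\n".join([f"$ORIGIN {origin}"] + body) + "\n"


if __name__ == "__main__":
    ext, int_ = build_views(UNIFIED)
    print(render("example.com.", ext))
    print(render("example.com.", int_))
```

Because both zones come from the same list, a record without an override is written once and appears identically in both views.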