On Wed, Nov 15, 2023, at 11:05, Brian Candler via Pdns-users wrote:
> On 15/11/2023 14:53, sebastian-n-95--- via Pdns-users wrote:
>> Hey,
>>
>> I am considering migrating my current BIND-Based setup to PowerDNS.
>>
>> For multiple zones, I currently have split-view in bind, so that I can
>> define DNS-Records available only for internal clients.
>>
>> To achieve this, I have the following zonefiles:
>>
>> mydomain.com.ext.zone <- This zonefile is used for the external view
>> mydomain.com.int.zone <- This zonefile is used for the internal view
>>
>> But I also have:
>> mydomain.com.include <- This file is included in both zonefiles, so
>> records defined there are available in both zones.
>>
>>
>> I was wondering, how I could replicate a setup like this in PowerDNS.
> BIND combines the roles of authoritative server and recursor; PowerDNS has
> separate programs (pdns and pdns-recursor)
>
> Split views are IMO a bad idea anyway, but if you wanted to do it you would
> need to do something like this:
>
>
> 1. Run pdns-recursor for your internal clients to use
> 2. Run an instance of pdns-auth with your internal zones
>

There is another option to consider:

1. Run pdns-recursor for your internal clients to use
2. Run pdns-auth for the external view of the zones
3. Install a Response Policy Zone (RPZ) in the recursor to *override* the
   results provided by the auth for queries from internal clients

Those overrides can add new records, hide existing records, or replace
records with alternative answers.
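
The RPZ approach described in the reply above, as an added example that is not part of the original message: a Python model of how QNAME-trigger policy records in the recursor add, replace, or hide answers for internal clients. The zone contents, addresses, and function names are constructed for illustration, and the model covers only exact-name triggers.

```python
# Added example: models RPZ QNAME-trigger overrides as seen by internal
# clients of the recursor. All names and addresses are constructed.

# RPZ zone body as the recursor could load it (owner names are relative to
# the RPZ zone's origin; SOA/NS records omitted for brevity).
RPZ_ZONE = """\
intranet.mydomain.com   A      10.0.0.5     ; add: exists only internally
www.mydomain.com        A      10.0.0.10    ; replace the external answer
vpn.mydomain.com        CNAME  .            ; hide: answer NXDOMAIN
legacy.mydomain.com     CNAME  *.           ; hide: answer NODATA
"""

# External view as served by pdns-auth (constructed sample data).
AUTH = {
    ("www.mydomain.com", "A"): ["203.0.113.10"],
    ("vpn.mydomain.com", "A"): ["203.0.113.20"],
    ("legacy.mydomain.com", "A"): ["203.0.113.30"],
    ("mail.mydomain.com", "A"): ["203.0.113.40"],
}

def parse_rpz(text):
    """Return {qname: [(rtype, rdata), ...]} from the simplified zone text."""
    policy = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comment
        if len(fields) == 3:
            name, rtype, rdata = fields
            key = name.lower().rstrip(".")
            policy.setdefault(key, []).append((rtype.upper(), rdata))
    return policy

def resolve_internal(qname, qtype, policy=None):
    """Answer as the internal recursor would: RPZ first, then auth data."""
    policy = parse_rpz(RPZ_ZONE) if policy is None else policy
    qname = qname.lower().rstrip(".")
    rules = policy.get(qname)
    if rules is None:                       # no trigger: normal resolution
        data = AUTH.get((qname, qtype))
        if data:
            return ("NOERROR", data)
        exists = any(name == qname for name, _ in AUTH)
        return ("NODATA" if exists else "NXDOMAIN", [])
    if ("CNAME", ".") in rules:             # RPZ encoding for NXDOMAIN
        return ("NXDOMAIN", [])
    if ("CNAME", "*.") in rules:            # RPZ encoding for NODATA
        return ("NODATA", [])
    # Local data: only the types listed in the policy exist for this name.
    data = [rdata for rtype, rdata in rules if rtype == qtype]
    return ("NOERROR", data) if data else ("NODATA", [])
```

Because the policy is applied by the recursor, it only affects clients that resolve through it; external clients querying pdns-auth directly still receive the unmodified external view.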