On Wed, Nov 15, 2023, at 11:05, Brian Candler via Pdns-users wrote:
> On 15/11/2023 14:53, sebastian-n-95--- via Pdns-users wrote:
>> Hey,
>> 
>> I am considering migrating my current BIND-based setup to PowerDNS.
>> 
>> For multiple zones, I currently have split-view in BIND, so that I can 
>> define DNS-Records available only for internal clients.
>> 
>> To achieve this, I have the following zonefiles:
>> 
>> mydomain.com.ext.zone <- This zonefile is used for the external view
>> mydomain.com.int.zone  <- This zonefile is used for the internal view
>>  
>> But I also have:
>> mydomain.com.include    <- This file is included in both zonefiles, so 
>> records defined there are available in both zones.
>>  
>>  
>> I was wondering how I could replicate a setup like this in PowerDNS.
> BIND combines the roles of authoritative server and recursor; PowerDNS has 
> separate programs (pdns and pdns-recursor)
> 
> Split views are IMO a bad idea anyway, but if you wanted to do it you would 
> need to do something like this:
> 
> 
> 1. Run pdns-recursor for your internal clients to use
> 2. Run an instance of pdns-auth with your internal zones
> 

There is another option to consider:

1. Run pdns-recursor for your internal clients to use
2. Run pdns-auth for the external view of the zones
3. Install a Response Policy Zone (RPZ) in the recursor to *override* the 
results provided by the auth for queries from internal clients

Those overrides can add new records, hide existing records, or replace records 
with alternative answers.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
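
An added example, not part of the original thread: one way to derive the RPZ overrides described in the last reply (add, hide, replace) from the two existing views, generalized to any pair of record lists. The policy zone name `rpz.internal.`, the function names, the SOA/NS placeholders and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

RPZ_ORIGIN = "rpz.internal."  # hypothetical policy zone name

# Constructed sample data: (owner, type, rdata); hostnames in rdata must be absolute.
EXTERNAL = [("www.mydomain.com.", "A", "203.0.113.10"),
            ("mail.mydomain.com.", "A", "203.0.113.25"),
            ("vpn.mydomain.com.", "A", "203.0.113.50")]
INTERNAL = [("www.mydomain.com.", "A", "10.0.0.10"),
            ("mail.mydomain.com.", "A", "203.0.113.25"),
            ("intranet.mydomain.com.", "A", "10.0.0.20")]

def by_name(records):
    """Group records into {owner: {(type, rdata), ...}} with normalized owners."""
    grouped = defaultdict(set)
    for owner, rtype, rdata in records:
        grouped[owner.lower().rstrip(".")].add((rtype.upper(), rdata))
    return grouped

def rpz_overrides(external, internal):
    """Return RPZ record lines that turn external answers into the internal view."""
    ext, inte = by_name(external), by_name(internal)
    lines = []
    for owner in sorted(set(ext) | set(inte)):
        if ext.get(owner) == inte.get(owner):
            continue  # identical in both views (the shared include): no override
        if owner not in inte:
            # Hide: "CNAME ." is the RPZ NXDOMAIN action.
            lines.append(f"{owner} CNAME .")
            continue
        # Add or replace: a matching name is answered from the policy zone,
        # so emit every internal record for that name, not only the changed one.
        for rtype, rdata in sorted(inte[owner]):
            lines.append(f"{owner} {rtype} {rdata}")
    return lines

def rpz_zone(external, internal, ttl=300):
    """Render a complete policy zone; owners are relative to RPZ_ORIGIN."""
    header = [f"$ORIGIN {RPZ_ORIGIN}", f"$TTL {ttl}",
              "@ SOA localhost. hostmaster.localhost. 1 3600 600 86400 300",
              "@ NS localhost."]
    return "\n".join(header + rpz_overrides(external, internal)) + "\n"

if __name__ == "__main__":
    print(rpz_zone(EXTERNAL, INTERNAL), end="")
```

The generated file can be loaded into the recursor with `rpzFile()` from its Lua configuration file. Answers rewritten this way will not validate for internal clients that do their own DNSSEC validation.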
