Re: [Pdns-users] PowerDNS, multi-cloud, feedback needed on options I am considering

2025-01-24 Thread frank--- via Pdns-users

Your options seem valid. There's always going to be a trade-off and there's 
always going to be some sort of sync-mechanism that you'll have to trust. 
Whether that's the middleware app or the database replication mechanism or 
something else.

What option to choose is a question only you can answer. Approach it rationally, 
make a risk-analysis of things that could go wrong, determine:

- impact
- blast radius
- "cost" (in SLA, in contractual $, in reputation $, ...)
- how quickly you can detect it, how quickly you can remediate it if it breaks

Personally I have good experiences with Lightning Stream in a multi-cloud 
setup, but again: your "best option" might be different than mine.

> 3)
> Other option I might have missed ?

Catalogue zones might be an idea as well?

Frank


Frank Louwers
Kiwazo

e: he...@kiwazo.com
m: +32 475 66 57 57



___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread frank--- via Pdns-users
Hi Nacho,

How "static" is the list of domains which need to resolve locally? Updated 
sub-second? Once every minute? Once every hour?

I would not use pdns-recursor at all. I would let dnsdist be the first point of 
entry, with 2 pools: an "auth" pool and a resolver pool.

Add the pdns-auth (with MySQL and Lua records) to the auth pool. Have pdns-auth 
ONLY serve the special records, with the lua handling.

Add 8.8.8.8 (and maybe 1.1.1.1/9.9.9.9 as well) to the resolver pool. Tell 
dnsdist to read a set of "special" domains from a text file. Tell it that IF 
(and only IF) the qname is part of the domains which are on the "special" list, 
it should send the query to the auth pool. In every other case (normal 
resolving), send it to the resolving pool (8.8.8.8 and others).

To be VERY VERY VERY VERY clear: what you proposed in the first mail is very 
very very very bad practice. If the scoring of the project is done by somebody 
who has any real life experience with dns, you'd fail. We don't want you to 
fail. So with the advice I and others on the list have given you, please go 
back to the drawing board and rethink your design.

Frank

> On 7 May 2025, at 16:04, Nacho Oppo via Pdns-users 
>  wrote:
> 
> Thanks  William,
> 
> I answer you between the lines
> 
> 1. This is bad practice.
> 
> It may be a bad practice, but it is the chosen one and it is the one that I 
> hope will give me the approval.
> 
> 
> 2. The goal of an assignment can’t be to have someone else do it for you. 
> What’s the point?
> 
> I am clear that it has to be this way, I need to understand it in order to 
> explain it.
> 
> 
> 3. What have you tried? “It doesn’t work” doesn’t indicate any effort.
> 
> I've installed and uninstalled the software several times, run separate tests 
> on the DNS server, and it resolves the names I put in the database. However, 
> the moment I try to add another DNS server to resolv.conf, it stops 
> responding to local DNS servers and goes online to look for them. 
> When I installed the Recursor, things got even worse because, despite not 
> having another DNS server in resolv.conf or the config, the service resolved 
> names for me, and I don't really understand how it did it.
> 
> 4. Should a Computer Science assignment really be this high-level?
> 
> They proposed it to me and I thought it wouldn't be as complicated as it's 
> turning out to be.
> 
> Nacho.
> 
> On Wed, 7 May 2025 at 10:27, William Edwards via Pdns-users wrote:
>> 1. This is bad practice. 
>> 2. The goal of an assignment can’t be to have someone else do it for you. 
>> What’s the point?
>> 3. What have you tried? “It doesn’t work” doesn’t indicate any effort. 
>> 4. Should a Computer Science assignment really be this high-level?
>> 
>> William Edwards
>> 
>> > On 7 May 2025, at 10:04, Nacho Oppo via Pdns-users wrote:
>> > 
>> > 
>> > Dear "PowerDNS MailGroup",
>> > 
>> > My name is Nacho, and I am a university student currently studying 
>> > Computer Science. I’m working on my final-year project, which involves 
>> > setting up a system that allows resolution of personal names using 
>> > PowerDNS.
>> > 
>> > The goal is to configure PowerDNS so that it first checks an A record in a 
>> > MySQL backend, and if the record is not found or if the database does not 
>> > respond, it should forward the query to an external DNS server, such as 
>> > Google’s (8.8.8.8).
>> > 
>> > From what I’ve read, this setup used to be possible directly with 
>> > PowerDNS, but now it seems that the use of a separate PowerDNS Recursor in 
>> > front is required. I’ve tried configuring it myself, but unfortunately, I 
>> > haven’t been able to make it work properly.
>> > 
>> > If someone could share a working configuration for both PowerDNS 
>> > Authoritative and PowerDNS Recursor (for the current versions), or point 
>> > me to a complete example, I would be truly grateful.
>> > 
>> > Thank you in advance for your time and help.
>> > 
>> > Best regards,
>> > Nacho
>> > 


Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread frank--- via Pdns-users


> On 7 May 2025, at 17:03, Nacho Oppo  wrote:
> 
> Hi Frank.
> 
> Another option I considered is creating a program that modifies the
> /etc/hosts files. With resolv.conf pointing to the internet and the
> nsswitch with host as file and dns, I'd have it solved. The only thing
> I need to implement is modifying the Lua records. My problem here is
> that it's simple for just two servers, but when we have N, things get
> more complicated.

That's another non-optimal solution, which is guaranteed to break.

> 
> What I can't understand is why this configuration worked perfectly for
> me with one old version of PDNS- pdns-4.1.14-1 (only put two nameservers
> in resolv.conf 127.0.0.1 and 8.8.8.8) ?


Please see 
https://doc.powerdns.com/authoritative/appendices/EOL.html?highlight=end%20life.
 Pdns 4.1 went End Of Life before 2021, ages ago.

> Sorry,  I thought it worked when using the nslookup client, but when
> using dig it stops working
> 
> root@centos# nslookup mario
> Server: 127.0.0.1
> Address:127.0.0.1#53
> 
> Name:   mario
> Address: 194.140.12.111
> 
> root@centos# nslookup kiwazo.be
> ;; Got recursion not available from 127.0.0.1, trying next server
> Server: 8.8.8.8
> Address:8.8.8.8#53
> 
> Non-authoritative answer:
> Name:   kiwazo.be
> Address: 216.24.57.1
> 
> But with dig
> 
> root@centos# dig mario
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> mario
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61686
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;mario. IN  A
> 
> ;; ANSWER SECTION:
> mario.  1   IN  A   194.140.12.111
> 
> ;; Query time: 12 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed May  7 17:01:35 2025
> ;; MSG SIZE  rcvd: 39
> 
> root@centos# dig kiwazo.be
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7 <<>> kiwazo.be
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22835
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;kiwazo.be. IN  A
> 
> ;; AUTHORITY SECTION:
> .   1   IN  SOA mario. hostmaster. 0
> 10800 3600 604800 3600
> 
> ;; Query time: 16 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed May  7 17:01:45 2025
> ;; MSG SIZE  rcvd: 77
> 
> root@centos# ping mario
> PING mario (194.140.12.111) 56(84) bytes of data.
> ^C
> --- mario ping statistics ---
> 2 packets transmitted, 0 received, 100% packet loss, time 1128ms
> 
> root@centos# ping kiwazo.be
> ping: unknown host kiwazo.be
> root@centos#
> 
> 
> 
> 
> I think I'll look for another way, because it's getting too
> complicated. Thank you very much for your time.

Yes, as I mentioned: Adding an auth server which doesn't know how to resolve 
things to /etc/resolv.conf will cause lots of bad things.

Frank



Re: [Pdns-users] Need help after the upgrade

2025-02-27 Thread frank--- via Pdns-users
Try increasing max_allowed_packet in your mysqld config, see if that helps...


Frank

> On 27 Feb 2025, at 15:10, Peter Zoltan Keresztes (zozo) via Pdns-users 
>  wrote:
> 
> This is a really strange situation. 
> I have the list of records added to the domain. I can check pdnsutil 
> check-zone zozoo.io works with no issue. I edit the zone 
> with pdnsutil edit-zone zozoo.io I add yet another boring 
> A record nothing strange, when to apply I get
> Error: GSQLBackend unable to list domain 'zozoo.io': Could not execute mysql 
> statement: SELECT 
> content,ttl,prio,type,domain_id,disabled,name,auth,ordername FROM records 
> WHERE (disabled=0 OR ?) and domain_id=? order by name, type: Lost connection 
> to server during query
> I added the record directly into the mysql database. Running a dnsutil 
> check-zone zozoo.io same error. I removed the record from 
> the backend via mysql I can run dnsutil check-zone zozoo.io 
> with no issues.
> 
> Note I am running powerdns 4.9.4
> 
> 
>> On 27 Feb 2025, at 13:58, Peter Zoltan Keresztes (zozo)  
>> wrote:
>> 
>> I have reinstalled the pdns exported the zones to csv files and readied the 
>> used one using pdnsutil however when I try to save sometimes I am getting 
>> the same errors.
>> 
>> mysql> explain select domains.id, domains.name, records.content, 
>> domains.type, domains.master, domains.notified_serial, domains.last_check, 
>> domains.account, domains.catalog from domains LEFT JOIN records ON 
>> records.domain_id=domains.id AND records.type='SOA' AND 
>> records.name=domains.name WHERE records.disabled=0
>> -> ;
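>> +----+-------------+---------+------------+------+--------------------------+----------------+---------+-----------------------------+------+----------+-------------+
>> | id | select_type | table   | partitions | type | possible_keys            | key            | key_len | ref                         | rows | filtered | Extra       |
>> +----+-------------+---------+------------+------+--------------------------+----------------+---------+-----------------------------+------+----------+-------------+
>> |  1 | SIMPLE      | domains | NULL       | ALL  | PRIMARY,name_index       | NULL           | NULL    | NULL                        |    1 |   100.00 | NULL        |
>> |  1 | SIMPLE      | records | NULL       | ref  | nametype_index,domain_id | nametype_index | 271     | powerdns.domains.name,const |    1 |    10.00 | Using where |
>> +----+-------------+---------+------------+------+--------------------------+----------------+---------+-----------------------------+------+----------+-------------+
>> 2 rows in set, 1 warning (0.01 sec)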
>> 
>> 
>> 
>>> On 27 Feb 2025, at 11:04, frank--- via Pdns-users 
>>>  wrote:
>>> 
>>> explain select domains.id, domains.name, 
>>> records.content, domains.type, domains.master, domains.notified_serial, 
>>> domains.last_check, domains.account, domains.catalog from domains LEFT JOIN 
>>> records ON records.domain_id=domains.id AND 
>>> records.type='SOA' AND records.name=domains.name WHERE records.disabled=0
>>> 
>> 
> 


Re: [Pdns-users] Need help after the upgrade

2025-02-27 Thread frank--- via Pdns-users
I just noticed something weird in your query.

>  SELECT content,ttl,prio,type,domain_id,disabled,name,auth,ordername FROM 
> records WHERE (disabled=0 OR ?) and domain_id=? order by name, type

That "disabled=0 or ?" construct seems off to me. Can you please post your full 
and unedited (only mask the passwords, nothing else) PowerDNS config file?

Frank

> On 27 Feb 2025, at 15:23, Peter Zoltan Keresztes (zozo)  
> wrote:
> 
> Just did that increased it to 128M no change whatsoever.
> 
> Peter
> 
>> On 27 Feb 2025, at 16:22, fr...@kiwazo.be wrote:
>> 
>> Try increasing max_allowed_packet in your mysqld config, see if that helps...
>> 
>> 
>> Frank
>> 


Re: [Pdns-users] Multips subnets in one Reverse Zone

2025-02-21 Thread frank--- via Pdns-users
Hi Rob,

Yes, should be possible, PowerDNS won't complain about 2000-3000 or more 
records in the zone.

If you should or not depends on how often and how you'll change them.

Some web UIs might get slow if there are 3000 records in a zone, so try that 
out.

Frank


> On 21 Feb 2025, at 11:52, rob777 via Pdns-users 
>  wrote:
> 
> Hi
> 
> I have a theoretical question which I'm unsure about after AI and Forum 
> research.
> 
> - I have 300-400 IP Subnets (mostly /24 Subnets in 10.0.0/8 CIDR)
> - The devices in these 300-400 Subnets have A records in an internal Powerdns 
> Zone internal.mydomain.com  
> - There are not that many devices in these Subnets (total between 2000-3000 
> Devices/A-Record)
> - Until now we didn't have PTR Records in Reverse Zones for these internal 
> records
> - We are thinking about configuring PTR Records for these internal devices in 
> 300-400 Subnets
> - But if possible we would not like to have 300-400 Reverse Zones but instead 
> having one single Reverse Zone 10.in-addr.arpa for all the devices in the 
> subnets
> 
> So then having one PTR Zone 10.in-addr.arpa with entries like
> 
> 5.20.0.10.in-addr.arpa. IN PTR test.internal.mydomain.com.
> 4.0.2.10.in-addr.arpa. IN PTR ab.internal.mydomain.com.
> 11.25.0.10.in-addr.arpa. IN PTR cc.internal.mydomain.com.
> etc.
> 
> So about 2000-3000 such PTR Records in one PTR Zone..
> 
> Question:
> - Is it possible with Powerdns
> - And if yes: would you do it with regards to "Best practice" (probably 
> not...)
> 
> 
> P.s i dont use any delegations on these internal Powerdns Servers


Re: [Pdns-users] Need help after the upgrade

2025-02-27 Thread frank--- via Pdns-users
> 
> Forgot to mention: it also might be your DB schema is missing an
> index, making the zone cache query slow.


Posting the result of the following db query might help:

explain select domains.id, domains.name, records.content, 
domains.type, domains.master, domains.notified_serial, domains.last_check, 
domains.account, domains.catalog from domains LEFT JOIN records ON 
records.domain_id=domains.id AND records.type='SOA' AND 
records.name=domains.name WHERE records.disabled=0


Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread frank--- via Pdns-users

> On 7 May 2025, at 16:19, Nacho Oppo  wrote:
> 
> Hi, Frank 
> 
> 
> I believe I may not have explained the scenario clearly in my previous 
> messages. Let me try to clarify it with a simplified example, which might 
> better illustrate the situation:
> 
> I have a server A with IP address dirip-A. When this server connects to 
> servidor1.dominio.com, it must resolve to a 
> specific point-to-point IP: diripservidor1-serverA.
> 
> I also have a server B with IP address dirip-B. When this one connects to 
> servidor1.dominio.com, it must resolve to a 
> different IP: diripservidor1-serverB.
> 

Yes, Pdns-auth with LUA records (in MySQL or other) are a good solution for 
this. That's not the issue.

> So, depending on the source of the DNS query, the same hostname 
> (servidor1.dominio.com) must resolve to a 
> different IP address. This is exactly the kind of logic that LUA records in 
> PowerDNS can handle, and this part I have working as expected.
> 
> However, the client also has another public server: 
> servidorpublico.dominio.com, and this 
> one must be resolved via an external DNS resolver (for example, Google DNS at 
> 8.8.8.8), as it is not managed internally.
> 
> What I’m struggling with is making the full combination work:
> 
> Using LUA records for selected domains (like servidor1.dominio.com),
> 
> And falling back to an external resolver for public domains (like 
> servidorpublico.dominio.com) when no 
> local data is found.
> 

Key is that either dnsdist (best) or pdns-rec (second best) will need to know 
which names are to be resolved by pdns-auth. 

Solve that, you've solved it. But don't try things like "have pdns-auth do 
resolving" or "intercept the nxdomain from auth and send elsewhere" or "have 
pdns-rec be auth".

Frank



> Best Regards
> Nacho
> 

Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread frank--- via Pdns-users

> On 7 May 2025, at 10:04, Nacho Oppo via Pdns-users 
>  wrote:
> 
> The goal is to configure PowerDNS so that it first checks an A record in a 
> MySQL backend, and if the record is not found or if the database does not respond, 
> it should forward the query to an external DNS server, such as Google’s 
> (8.8.8.8).


Is this really the goal your professor gave you? Unless this is for one or two 
corporate domains, this is considered to be a bad practice in general.

That being said, if the records come from a MySQL database, you'll need to 
query the database from Lua in a preresolve() hook OR (much better solution) 
you'll need multiple components. 
Crucial in that last solution is that the resolver (or dnsdist, as that might 
make things easier) knows which domains are "local" and thus need to be sent to 
PowerDNS Auth, and which aren't, and need to be sent to Google.

But please, reread paragraph 1. Also check with your professor if you've 
correctly understood the assignment, as this sounds like a bad practice.

Kind Regards,


Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.com
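
The two-pool dnsdist layout described in the replies on this page (special names to pdns-auth, everything else to public resolvers), written out as a dnsdist configuration. This is an added example, not a configuration posted by anyone on the list; the pdns-auth address 127.0.0.1:5300, the client networks in the ACL, and the list file path are assumptions.

```lua
-- dnsdist.conf: added example, not a configuration from the mailing list.
-- Assumed values: pdns-auth on 127.0.0.1:5300, clients on 10.0.0.0/8,
-- and a list file with one "special" name per line (hypothetical path).
local SPECIAL_LIST = "/etc/dnsdist/special-domains.txt"

setLocal("0.0.0.0:53")
setACL({"127.0.0.0/8", "10.0.0.0/8"})  -- only answer known client networks

-- "auth" pool: pdns-auth serving ONLY the special names (Lua records, MySQL).
newServer({address="127.0.0.1:5300", pool="auth", name="pdns-auth"})

-- "resolver" pool: public resolvers for normal resolving.
newServer({address="8.8.8.8:53", pool="resolver", name="google"})
newServer({address="1.1.1.1:53", pool="resolver", name="cloudflare"})
newServer({address="9.9.9.9:53", pool="resolver", name="quad9"})

-- Read the special names into a suffix-match set. A listed name also matches
-- everything below it, so list servidor1.dominio.com itself, not dominio.com,
-- or servidorpublico.dominio.com would be sent to the auth pool as well.
local function loadSpecial(path)
  local smn = newSuffixMatchNode()
  local count = 0
  local fh, err = io.open(path, "r")
  if not fh then
    -- Abort configuration loading: with an empty list every internal name
    -- would be forwarded to the public resolvers.
    error("cannot read special-domain list: " .. tostring(err))
  end
  for line in fh:lines() do
    local name = line:gsub("#.*$", "")   -- strip trailing comments
    name = name:match("^%s*(.-)%s*$")    -- trim surrounding whitespace
    if name ~= "" then
      local ok, dnsname = pcall(newDNSName, name)
      if ok then
        smn:add(dnsname)
        count = count + 1
      else
        warnlog("skipping invalid name in " .. path .. ": " .. name)
      end
    end
  end
  fh:close()
  if count == 0 then
    error("special-domain list " .. path .. " is empty")
  end
  infolog("loaded " .. count .. " special names from " .. path)
  return smn
end

local special = loadSpecial(SPECIAL_LIST)

-- Rules are evaluated in order: special names go to pdns-auth, and every
-- other query is sent to the resolver pool.
addAction(SuffixMatchNodeRule(special), PoolAction("auth"))
addAction(AllRule(), PoolAction("resolver"))
```

The list is read when the configuration is loaded, so a changed file takes effect only after dnsdist is restarted; how often the list changes decides whether that is acceptable.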