Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-09 Thread Christoph via Pdns-users
If you need DNSEC validation you must use recursor, dnsdist cannot do that. Others might reflect on the dnsdist cache performance and hit ratio's compared to recursor's packet cache and/or record cache. Do note that dnsdist cache is more like the recursor's packet cache. Thanks for confirming

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-09 Thread Otto Moerbeek via Pdns-users
On Sat, Sep 09, 2023 at 08:07:02AM +0200, Christoph via Pdns-users wrote: > > I do wonder about the purpose of the recursor in the > > > > recursor -> dnsdist -> upstream-recursive > > > > case. You might as well use > > > > dnsdist -> upstream-recursive > > > > With a caching dnsdist. > > Unl

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Christoph via Pdns-users
I do wonder about the purpose of the recursor in the recursor -> dnsdist -> upstream-recursive case. You might as well use dnsdist -> upstream-recursive With a caching dnsdist. Unless you need recursor specific functionality, of course. It was my impression that dnsdist was meant for smaller

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Otto Moerbeek via Pdns-users
On Fri, Sep 08, 2023 at 11:56:07PM +0200, Christoph via Pdns-users wrote: > Thanks a lot for the fast reply, very much appreciated! > best regards, > Christoph I do wonder about the purpose of the recursor in the recursor -> dnsdist -> upstream-recursive case. You might as well use dnsdist ->

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Christoph via Pdns-users
Thanks a lot for the fast reply, very much appreciated! best regards, Christoph ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Otto Moerbeek via Pdns-users
On Fri, Sep 08, 2023 at 04:50:18PM +0200, Christoph via Pdns-users wrote: > Hello! > > I'm looking for documentation about configuring > recursor to talk DoT to a recursive resolver. > > This minimal config works: > > dot-to-port-853=yes > forward-zones-recurse=.=1.1.1.1:853;1.0.0.1:853 > > bu

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Brian Candler via Pdns-users
On 08/09/2023 15:50, Christoph via Pdns-users wrote: - does it validate the server certificate? how do I configure the name when performing certificate verification? Not answering your questions about PDNS recursor specifically, but I'll just point out that 1.1.1.1:853 and 1.0.0.1:853 both ha

[Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Christoph via Pdns-users
Hello! I'm looking for documentation about configuring recursor to talk DoT to a recursive resolver. This minimal config works: dot-to-port-853=yes forward-zones-recurse=.=1.1.1.1:853;1.0.0.1:853 but compared to DNSdist newServer() configuration options I'm not sure about: - does it validate