I am new to the world of DNS servers, but as a part of my current job I should do an upgrade on our office network infrastructure.
After looking at the available options I decided to go with the PowerDNS solution, PDNS server. Mostly because of the easy management option through the MySQL backend.
I already have the PDNS server running and even working for my needs, but I see some significant differences between responses from our old BIND9 and the new PDNS: the additional section is missing, the answer is "not authoritative" etc.
Basically the requirements for our DNS are:
- If the requested domain is in the records on the MySQL backend (for example intranet-domain.ourdomain.com), then the response should be authoritative.
- If the requested domain is not in the records on the MySQL backend, then the request should be forwarded to the external network to get an answer from the appropriate authoritative DNS.
Our current setup is:
- Debian 7
- pdns (3.2 from standard repo) + pdns-backend-mysql + poweradmin
- pdns-recursor (otherwise it was not resolving any external domain names)
Questions:
- Do I really need pdns-recursor in order to make resolution of external addresses work? If there is a way to forward unknown addresses to the ISP's DNS, please enlighten me.
- How to make responses look more like BIND9? For example, I also want to see the additional section telling me about the NS for the requested address etc.
- Additionally, if I put PDNS as primary and BIND9 as secondary on our DHCP, then the response will always come from BIND9 instead of PDNS, although I imported all the records and zones from BIND9 to the MySQL backend. How to fix it?
pdns.conf:
allow-recursion=192.168.1.0/8,10.0.0.0/16,127.0.0.0/8
allow-recursion-override=on
config-dir=/etc/powerdns
daemon=yes
disable-axfr=yes
guardian=yes
lazy-recursion=yes
local-address=192.168.1.5
local-port=53
master=yes
module-dir=/usr/lib/powerdns
recursor=127.0.0.1
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
out-of-zone-additional-processing=yes
include=/etc/powerdns/pdns.d
recursor.conf:
local-address=127.0.0.1
local-port=53
quiet=yes
setgid=pdns
setuid=pdns
pdns.local.gmysql:
launch=gmysql
gmysql-host=localhost
gmysql-port=
gmysql-dbname=pdns
gmysql-user=pdns
gmysql-password=pdns
gmysql-dnssec=yes
Best Answer
It sounds like you want to combine a recursive resolver and an authoritative nameserver into one server.
http://doc.powerdns.com/html/recursion.html
The doc goes on to state, N.B.:
It looks like you've managed to separate the two by putting pdns-recursor on 127.0.0.1 only.
You can test by sending a dig or host command to the IP of your server and watch what happens with Wireshark or tcpdump on all interfaces of your DNS server.
Regarding the authoritative flag, please see question number 3:
http://doc.powerdns.com/pdns-users-faq.html
EDIT based on comment:
If you want to use another nameserver as your recursor, set it in the recursor setting of pdns.conf. E.g:
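Added example, not part of the question or the answer above and not the recursor setting the answer's last line refers to: the test the answer suggests comes down to reading the reply's header, where the AA bit says whether the server answered authoritatively, RA whether it offers recursion, and the counts show whether authority and additional sections were filled in. The function names and the two sample headers are constructed for illustration; `query()` assumes plain UDP on port 53.

```python
import socket
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Encode a one-question query (qtype 1 = A, class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the 12-byte header: the flags and section counts dig reports."""
    if len(packet) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),  # 1 = this is a response
        "aa": bool(flags & 0x0400),  # authoritative answer
        "tc": bool(flags & 0x0200),  # truncated, retry over TCP
        "rd": bool(flags & 0x0100),  # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),  # recursion available on this server
        "rcode": flags & 0x000F,
        "question": qd, "answer": an, "authority": ns, "additional": ar,
    }

def classify(h):
    """Summarise how the server handled the name."""
    if not h["qr"]:
        return "not a response"
    if h["aa"]:
        return "authoritative"
    return "recursed or cached" if h["ra"] else "non-authoritative, no recursion"

def query(server, name, timeout=2.0):
    """Send one UDP query and return the parsed header of the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    header = parse_header(data)
    if header["id"] != 0x1234:
        raise ValueError("reply id does not match the query")
    return header

# Constructed sample headers (not captured from the poster's servers).
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 2, 2)      # QR+AA+RD
SAMPLE_RECURSED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR+RD+RA
```

Calling `classify(query("192.168.1.5", "intranet-domain.ourdomain.com"))` against the address from the posted pdns.conf, and again with an external name, shows which of the two paths each lookup took.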