
I created a test network. It is a star VPN network with:

- 1 main router
- 2 subrouters (DrayTek Vigor 2920)
- behind each router a client
- behind the main router a PowerDNS machine

Now the network seems to run perfectly. From one location I can reach computers in other locations, and in each location I can do a DNS lookup for machines in this network.

The thing is that reverse lookups are not working well. For example:

Behind subrouter 1 I can reverse-lookup names for every machine, except for machines within the network of subrouter 1. When I am on a machine behind subrouter 2 I can reverse-lookup every machine (also those behind subrouter 1), except for machines in the network of subrouter 2. When I am on a machine behind the main router every reverse lookup works well.

This all makes me think that it must be an issue with the routing in the VPN network.

So here is the VPN setup:

Main router:

IP:   10.20.0.254
Mask: 255.255.255.0

Router 1:

IP:   10.20.1.254
Mask: 255.255.255.0

Router 2:

IP:   10.20.2.254
Mask: 255.255.255.0

VPN Info Main Router to Router 1:

Remote Network IP:     10.20.1.254
Remote Network Mask:   255.255.255.0
Local Network IP:      10.20.0.254
Local Network Mask:    255.255.255.0

VPN Info Router 1 to Main router:

Remote Network IP:     10.20.0.0
Remote Network Mask:   255.255.255.0
Local Network IP:      10.20.2.254
Local Network Mask:    255.255.255.0

I am using PowerDNS with MySQL and the PDNS Recursor.

config pdns.conf:

allow-recursion=127.0.0.1
cache-ttl=60
config-dir=/etc/powerdns
daemon=yes
disable-axfr=yes
guardian=yes
lazy-recursion=yes
local-address=0.0.0.0
local-port=5300
log-dns-details=yes
log-failed-updates=yes
logfile=/var/log/pdns.log
logging-facility=0
loglevel=4
module-dir=/usr/lib/powerdns
query-cache-ttl=60
recursor=127.0.0.1:53
setgid=pdns
setuid=pdns
socket-dir=/var/run
wildcard-url=yes
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=pdns
gmysql-password=Password
gmysql-user=pdns
gmysql-socket=/var/run/mysqld/mysqld.sock

recursor.conf:

allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
local-address=127.0.0.1, 10.20.0.4
local-port=53
log-common-errors=yes
max-negative-ttl=3600
quiet=yes
setuid=pdns
version-string=PowerDNS Recursor 3.3

Here is what I see when I start the PDNS Recursor or run pdns_recursor status:

Sep 25 14:47:00 PowerDNS Recursor 3.6.1 (jenkins@autotest.powerdns.com) (C) 2001-2014 PowerDNS.COM BV
Sep 25 14:47:00 Using 32-bits mode. Built on 20140910211642 by buildd@babin.debian.org, gcc 4.7.2.
Sep 25 14:47:00 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Sep 25 14:47:00 Reading random entropy from '/dev/urandom'
Sep 25 14:47:00 Only allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
Sep 25 14:47:00 Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10, 0.0.0.0, ::
Sep 25 14:47:00 If using IPv6, please raise sysctl net.ipv6.route.max_size, currently set to 4096 which is < 16384
Sep 25 14:47:00 NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
Sep 25 14:47:00 Redirecting queries for zone 'test.openforest.' to: 127.0.0.1:5300
Sep 25 14:47:00 Redirecting queries for zone '20.10.in-addr.arpa.' to: 127.0.0.1:5300
Sep 25 14:47:00 Inserting rfc 1918 private space zones
Sep 25 14:47:00 Exception: Resolver binding to server socket on port 53 for 10.20.0.4: Address already in use

Now I am most worried about the "Will not send queries to:" part.

BonifatiusK

0 Answers
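An offline sanity check of the setup posted above, added here as an example and not part of the original question. It transcribes the VPN "Remote/Local Network IP" pairs, the two zones the recursor log says it redirects to 127.0.0.1:5300, and the listeners from pdns.conf and recursor.conf, then flags (1) VPN network entries whose host bits are not zero, (2) LANs whose in-addr.arpa zone is not covered by the forwarded zones, and (3) listeners that would collide on the same address and port. The labels "Main->R1" / "R1->Main" and the process names are my own; the script does not diagnose the VPN routing, it only lists entries worth re-checking in the router UI and on the DNS host.

```python
"""Added example (not from the post): offline sanity check of a star-VPN
reverse-lookup setup, using data transcribed from the question."""
import ipaddress

# VPN network definitions exactly as posted: (label, ip, mask).
# Labels are my own shorthand for the two VPN profiles quoted in the post.
VPN_NETWORKS = [
    ("Main->R1 remote", "10.20.1.254", "255.255.255.0"),
    ("Main->R1 local",  "10.20.0.254", "255.255.255.0"),
    ("R1->Main remote", "10.20.0.0",   "255.255.255.0"),
    ("R1->Main local",  "10.20.2.254", "255.255.255.0"),
]

# Zones the recursor startup log says are redirected to 127.0.0.1:5300.
FORWARDED_ZONES = ["test.openforest.", "20.10.in-addr.arpa."]

# Listeners from the posted pdns.conf (0.0.0.0:5300) and recursor.conf
# (127.0.0.1 and 10.20.0.4 on port 53): (process name, address, port).
LISTENERS = [
    ("pdns_server", "0.0.0.0", 5300),
    ("pdns_recursor", "127.0.0.1", 53),
    ("pdns_recursor", "10.20.0.4", 53),
]


def network_of(ip, mask):
    """Return (network, host_bits_set) for an ip/mask pair.

    host_bits_set is True when the entry names a host (10.20.1.254/24)
    rather than the subnet itself (10.20.1.0/24)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return net, ipaddress.ip_address(ip) != net.network_address


def reverse_zone(net):
    """in-addr.arpa zone for a prefix on an octet boundary (/8, /16, /24)."""
    octets = str(net.network_address).split(".")
    return ".".join(reversed(octets[: net.prefixlen // 8])) + ".in-addr.arpa."


def is_covered(zone, forwarded):
    """True if zone equals, or lies below, one of the forwarded zones."""
    return any(zone == fz or zone.endswith("." + fz) for fz in forwarded)


def bind_overlaps(listeners):
    """Pairs of listeners that would collide: same port and either the same
    address or one side bound to the 0.0.0.0 wildcard."""
    hits = []
    for i, (n1, a1, p1) in enumerate(listeners):
        for n2, a2, p2 in listeners[i + 1:]:
            if p1 == p2 and (a1 == a2 or "0.0.0.0" in (a1, a2)):
                hits.append((n1, a1, n2, a2, p1))
    return hits


def audit(vpn=VPN_NETWORKS, forwarded=FORWARDED_ZONES, listeners=LISTENERS):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    findings = []
    for label, ip, mask in vpn:
        net, sloppy = network_of(ip, mask)
        if sloppy:
            findings.append(f"{label}: {ip}/{mask} has host bits set; network is {net}")
        rz = reverse_zone(net)
        if not is_covered(rz, forwarded):
            findings.append(f"{label}: {rz} is not covered by forward-zones")
    for n1, a1, n2, a2, port in bind_overlaps(listeners):
        findings.append(f"{n1} on {a1}:{port} collides with {n2} on {a2}:{port}")
    return findings


if __name__ == "__main__":
    for line in audit() or ["no findings"]:
        print(line)
```

Run against the posted data, the reverse-zone and listener checks come back clean: every /24 sits under 20.10.in-addr.arpa., and the authoritative server on 5300 cannot be what is holding 10.20.0.4:53, so the "Address already in use" has to come from some other process bound to port 53 on that host. The three .254 entries are flagged only because they carry host bits; whether the DrayTek masks them or treats them literally is something to confirm in its VPN profile.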