
I'm using a PowerDNS instance to serve my own domains. All clients in my network are using this DNS server.

How can I configure PowerDNS to query my ISP's DNS servers (for those domains that I don't know)? Is this the right way?

```
recursor=8.8.8.8:53
allow-recursion=10.0.0.0/8
```

Is it possible to specify multiple DNS servers? For example 8.8.8.8 and 8.8.4.4.

Xdg

1 Answer

Your syntax is essentially correct, although for the default DNS port the :53 can be omitted.

```
recursor=8.8.8.8
allow-recursion=10.0.0.0/8
```

Only a single server is supported as far as I'm aware, probably because the PowerDNS project is in agreement that it is considered a bad idea to combine an Authoritative nameserver role with a Recursing nameserver role, as the manual states:

Warning: Using recursor is NOT RECOMMENDED as it comes with many potentially nasty surprises. Background: http://cr.yp.to/djbdns/separation.html

HBruijn
  • Thank you. I don't get why PowerDNS does not recommend it, because I want to use one DNS server and be able to resolve all hosts. BIND supports it with `forwarders`. – Xdg Dec 31 '15 at 13:25
  • @Xdg It goes against best practices even in BIND land, because the problems are not specific to the choice of DNS product. Please read the link that was included above. – Andrew B Dec 31 '15 at 16:48
  • Okay. So I have to flip it over: point the clients to a recursive DNS and point that DNS to my authoritative PowerDNS? Because if I pointed the clients to two DNS servers, there would be timeouts. – Xdg Jan 01 '16 at 12:19
  • Yep, that is the recommended way (from a pure DNS perspective). Assign your clients the caching, recursing nameservers. You may need to configure those with a hint on where to find the authoritative nameservers for your internal zones if those can't be found through the normal DNS delegation method. – HBruijn Jan 01 '16 at 12:27
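
The split setup described in the answer and comments above, sketched as an added example that is not part of the original thread or the PowerDNS project's own configuration. It assumes the separate PowerDNS Recursor package with old-style `recursor.conf` settings, both services on one host, and placeholder values for the internal zone name (`example.internal`), the LAN address (`10.0.0.1`) and the loopback port (`5300`).

```ini
# ---- pdns.conf (authoritative server) ----
# Assumed layout: the authoritative server listens on loopback only,
# on a non-standard port, so clients never query it directly.
# The recursor= and allow-recursion= lines from the question are removed.
local-address=127.0.0.1
local-port=5300

# ---- recursor.conf (PowerDNS Recursor, the address clients use) ----
# Placeholder LAN address of this host; clients are given this as their resolver.
local-address=10.0.0.1
local-port=53

# Answer only the internal network, so the resolver is not usable
# from outside as an open recursor.
allow-from=10.0.0.0/8, 127.0.0.0/8

# The "hint" for internal zones: queries for the placeholder zone go
# straight to the authoritative server instead of following public delegation.
forward-zones=example.internal=127.0.0.1:5300

# Everything else is forwarded, with recursion requested, to the upstream
# resolvers. Several upstream servers are separated by semicolons.
forward-zones-recurse=.=8.8.8.8;8.8.4.4
```

With this layout clients are assigned only the recursor's address, and restricting `allow-from` to the internal range plays the part that `allow-recursion` played in the combined setup.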