pdns Version: 0.0.2081g7b9b55d (Master branch and version 4.1)
pdns-recursor Version: 0.0.1960g7b9b55d (Master branch and version 4.1)
dnsdist Version: 1.2.0
There are 3 servers with galera backend on two of themes there are pdns + pdns-recursor + dnsdist
Configs from one of them:
/etc/pdns-recursor/recursor.conf
setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1
local-port=5301
hint-file=/etc/pdns-recursor/root.zone
allow-from=127.0.0.0/8
/etc/pdns/pdns.conf
setuid=pdns
setgid=pdns
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns_user
gmysql-dbname=powerdns
gmysql-password=
allow-axfr-ips=127.0.0.0/8, 192.0.2.5/32
cache-ttl=60
control-console=no
default-soa-name=ns2.example.ru
default-soa-mail=support@example.ru
default-ttl=3600
disable-axfr=no
local-port=5300
local-address=127.0.0.1
do-ipv6-additional-processing=yes
log-dns-queries=yes
logging-facility=0
loglevel=4
master=yes
max-queue-length=5000
max-tcp-connections=20
/etc/dnsdist/dnsdist.conf
setLocal('127.0.0.1')
addLocal('192.0.1.5')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:5301', pool='recursor'})
recursive_ips = newNMG()
recursive_ips:addMask('127.0.0.0/8')
recursive_ips:addMask('192.0.1.0/24')
recursive_ips:addMask('192.0.2.0/24')
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))
There are domains at the Authoritative server. e.g. google123.com
When i try to resolv this address from the IPs of allowed recursive_ips
including @127.0.0.1, get those:
# dig ANY google123.com @192.0.1.5
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> ANY google123.com @192.0.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google123.com. IN ANY
;; AUTHORITY SECTION:
com. 2118 IN SOA a.dns.ripn.net. hostmaster.ripn.net. 4032536 86400 14400 2592000 3600
;; Query time: 64 msec
;; SERVER: 192.0.1.5#53(192.0.1.5)
;; WHEN: Sat Jan 27 01:11:38 MSK 2018
;; MSG SIZE rcvd: 102
If I try to resolv this domain from another network - get those:
#dig ANY google123.com @192.0.1.5
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> ANY google123.com @192.0.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34025
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;google123.com. IN ANY
;; ANSWER SECTION:
google123.com. 86400 IN A 192.0.1.7
google123.com. 86400 IN NS ns1.example.ru.
google123.com. 86400 IN NS ns2.example.ru.
google123.com. 86400 IN SOA ns1.example.ru. hostmaster.example.ru. 2018012603 28800 7200 604800 86400
;; ADDITIONAL SECTION:
ns1.example.ru. 86400 IN A 192.0.1.5
ns2.example.ru. 86400 IN A 192.0.2.5
;; Query time: 3 msec
;; SERVER: 192.0.1.5#53(192.0.1.5)
;; WHEN: Fri Jan 26 23:16:29 CET 2018
;; MSG SIZE rcvd: 181
It seems, that recursor got answer and it`s OK.
How i can setup dnsdist to get answers about records of domains at Authoritative from IPs in recursive_ips
.
I tried different ways, but no one work.