pdns-2.9.22-9.mga1.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Recursion</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PowerDNS manual"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Migrating to PDNS"
HREF="migration.html"><LINK
REL="NEXT"
TITLE="PowerDNS resolver/recursing nameserver"
HREF="built-in-recursor.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="RECURSION"
></A
>Chapter 11. Recursion</H1
><P
>(only available from 1.99.8 and onwards, recursing component available since 2.9.5)</P
><P
>      From 2.9.5 onwards, PowerDNS offers both authoritative nameserving capabilities and a recursive nameserver component. These two halves
      are normally separate but many users insist on combining both recursion and authoritative service on one IP address. This can be likened 
      to running Apache and Squid both on port 80.
    </P
><P
>      However, many sites want to do this anyhow and some with good reason. For example, a setup like this allows the creation of fake domains
      which only exist for local users. Such domains often end not in ".com" or ".org" but in ".intern" or ".name-of-isp".
    </P
><P
>      PowerDNS can cooperate with either its own recursor or any other you have available to deliver recursive service on its port.
    </P
><P
>      By specifying the <B
CLASS="COMMAND"
>recursor</B
> option in the configuration file, questions requiring recursive treatment will be handed over
      to the IP address specified. An example configuration might be <B
CLASS="COMMAND"
>recursor=130.161.180.1</B
>, which designates 130.161.180.1 as
      the nameserver to handle recursive queries.
    </P
><P
>      As of 2.9.5, the recursing component of PowerDNS is a bit young and relatively untested but we hope people will want to use it anyhow. As an alternative,
      we highly advise the use of the DJBDNS dnscache (<A
HREF="http://cr.yp.to/djbdns/dnscache.html"
TARGET="_top"
>http://cr.yp.to/djbdns/dnscache.html</A
>).
    </P
><P
>      Take care not to point <B
CLASS="COMMAND"
>recursor</B
> at PDNS itself, as this leads to a very tight packet loop!
    </P
><P
>      By specifying <B
CLASS="COMMAND"
>allow-recursion</B
>, recursion can be restricted to the netmasks specified. The default is to allow
      recursion from everywhere. Example: <B
CLASS="COMMAND"
>allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4</B
>.
    </P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RECURSION-DETAILS"
>11.1. Details</A
></H1
><P
>	Questions carry a number of flags. One of these is called 'Recursion Desired'. If PDNS is configured to allow recursion, AND such a flag
	is seen, AND the IP address of the client is allowed to recurse via PDNS, then the packet may be handed to the recursing backend.
      </P
><P
>	If a Recursion Desired packet arrives and PDNS is configured to allow recursion, but not for the IP address of the client, resolution will proceed 
	as if the RD flag were unset and the answer will indicate that recursion was not available.
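      </P
><P
>	The hand-over rule above, together with the earlier warnings about the default allow-recursion setting and about pointing recursor at PDNS itself, as an added example (not code from the PowerDNS manual or project). It assumes IPv4 addresses and that local-address and local-port are the settings PDNS listens on; the sample configuration is constructed.

```python
import ipaddress

# Constructed pdns.conf fragment (not from the manual): recursor points back
# at the address and port PDNS listens on, and allow-recursion is absent.
SAMPLE_CONF = """\
local-address=192.0.2.53
local-port=53
recursor=192.0.2.53
"""

def parse_conf(text):
    """Parse key=value lines, ignoring '#' comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def allowed_networks(conf):
    """Netmasks from allow-recursion; the documented default is everywhere."""
    raw = conf.get("allow-recursion", "0.0.0.0/0")
    parts = [p.strip() for p in raw.split(",") if p.strip()]
    return [ipaddress.ip_network(p, strict=False) for p in parts]

def hand_to_recursor(conf, client_ip, rd_flag):
    """True only if a recursor is set AND RD is set AND the client is allowed."""
    if not conf.get("recursor") or not rd_flag:
        return False
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed_networks(conf))

def audit(conf):
    """Report the two pitfalls the chapter warns about (IPv4 only)."""
    findings = []
    if not conf.get("recursor"):
        return findings
    host, _, port = conf["recursor"].partition(":")
    # Assumption: local-address / local-port are where PDNS itself listens.
    listen = conf.get("local-address", "").replace(",", " ").split()
    if host in listen and (port or "53") == conf.get("local-port", "53"):
        findings.append("recursor points at PDNS itself: packet loop")
    if any(net.prefixlen == 0 for net in allowed_networks(conf)):
        findings.append("allow-recursion unrestricted: recursion open to all")
    return findings
```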
      </P
><P
>	It is also possible to use a resolver living on a different port. To do so, specify a recursor like this: 
	<B
CLASS="COMMAND"
>recursor=130.161.180.1:5300</B
>.
      </P
><P
>	If the backend does not answer a question within a long time, this is logged as 'Recursive query for remote 10.96.0.2 with internal id 0 
	was not answered by backend within timeout, reusing id'. This may happen when using 'BIND' as a recursor as it is prone to drop queries which it can't 
	answer immediately.
      </P
><P
>	To make sure that the local authoritative database overrides recursive information, PowerDNS first tries to answer a question from its own database.
	If that succeeds, the answer packet is sent back immediately without involving the recursor in any way. This means that for questions for which there is no answer, PowerDNS will consult the recursor for a recursive query, even if PowerDNS is authoritative for a domain! This will only cause problems if you 'fake' domains which don't really exist.
      </P
><P
>	If you want to create such fake domains or override existing domains, please set the <B
CLASS="COMMAND"
>allow-recursion-override</B
> feature (available as of 2.9.14).
      </P
><P
>	Some packets, like those asking for MX records which are needed for SMTP transport of email, can be subject to 'additional processing'. This means
	that a recursing nameserver is obliged to try to add A records (IP addresses) for any of the mailservers mentioned in the packet, should it have 
	these addresses available.
      </P
><P
>	If PowerDNS encounters records needing such processing and finds that it does not have the data in its authoritative database, it will send 
	an opportunistic quick query to the recursing component to see if it perhaps has such data. This question is worded such that the recursing nameserver
	should return immediately, so as not to block the authoritative nameserver.
      </P
><P
>	This marks a change from pre-2.9.5 behaviour where a packet was handed wholesale to the recursor in case it needed additional processing which could
	not proceed from the authoritative database.
      </P
></DIV
></DIV
></BODY
></HTML
>