The posting Completely different: BIND 1 ... / 2012-12-21

The posting Completely different: BIND 10 - Jan-Piet Mens triggered me to have a look at my resolver/authoritative setup at home. I was running only bind 9 both as authoritative server for several zones and as resolver for home systems, but I decided to test a setup with those functions split. For fun I tried it with recursion in pdns-recursor, part of PowerDNS, while keeping bind9 for the authoritative server.

I had to select the right IPv6 and IPv4 addresses for authoritative and resolving servers. I do have enough addresses at home thanks to IPv6 and IPv4-with-NAT to do this, but I have to select the right ones. The server at home is known as ns2.idefix.net so the choice of addresses for the authoritative server is easy. So the relevant part of the bind9 configuration in named.conf:

    listen-on-v6 {
        2001:980:14ca:42::694; # auth ext
    };
    listen-on {
        82.95.196.202; # auth ext
    };

And the pdns-recursor in recursor.conf is set up like:

    # local-address IP addresses to listen on, separated by spaces or commas
    #
    local-address=127.0.0.1,2001:980:14ca:42::18,10.42.2.1,::1

It was a bit of pondering which process got to listen on the v4/v6 localhost address, but I think the resolver is the best candidate. The resolver advertised in radvd.conf has been adjusted.

The next thing to set up was a certain set of zones that the recursor can't find on the Internet, so they need to be asked directly from the authoritative bind9 server. I configured this in recursor.conf like:

    forward-zones=koos.koffie.dot=82.95.196.202,10.in-addr.arpa=82.95.196.202,a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=82.95.196.202

I tried this with the IPv6 addresses for the authoritative server but this makes pdns-recursor not answer at all, so I reverted to IPv4 for the moment until I understand what is going wrong and why. Testing this makes pdns-recursor hang for other queries too, so for full debugging I need to test this in a way that doesn't affect the rest of my home network. From the command-line the requests work over both IPv6 and IPv4. Enabling query-logging in bind9 doesn't show those requests coming in.

Update: If I read things correctly, forward-zones with IPv6 support only came in powerdns-recursor 3.2, and Ubuntu 8.04 comes with pdns-recursor 3.1.4. Switching to pdns-recursor from hardy-backports upgrades to 3.3-2~hardy1 and forward-zones starts working over IPv6. Less legacy IP, more IPv6!

    forward-zones=koos.koffie.dot=2001:980:14ca:42::694,10.in-addr.arpa=2001:980:14ca:42::694,a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=2001:980:14ca:42::694

And it works.
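
A pre-deployment check for the forward-zones setting discussed above, as an added example that is not part of the original post: it parses the value, confirms every forwarder is an address bind9 actually listens on, and flags IPv6 forwarders on a recursor older than 3.2 (that boundary is taken from the update above). The function names are hypothetical, and the 2001:980:14ca::/48 prefix used in testing is derived from the ip6.arpa zone name in the post.

```python
import ipaddress

# Values copied from the post's recursor.conf and named.conf snippets.
FORWARD_ZONES = ("koos.koffie.dot=2001:980:14ca:42::694,"
                 "10.in-addr.arpa=2001:980:14ca:42::694,"
                 "a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=2001:980:14ca:42::694")
AUTH_LISTEN = {ipaddress.ip_address(a)
               for a in ("2001:980:14ca:42::694", "82.95.196.202")}

def parse_forward_zones(value):
    """Return {zone: [ip_address, ...]} from a forward-zones value."""
    zones = {}
    for entry in filter(None, (e.strip() for e in value.split(","))):
        zone, sep, targets = entry.partition("=")
        if not sep or not zone or not targets:
            raise ValueError(f"malformed entry: {entry!r}")
        # ';' separates several forwarders for one zone.
        zones[zone.strip().rstrip(".").lower()] = [
            ipaddress.ip_address(t.strip()) for t in targets.split(";")]
    return zones

def reverse_zone(prefix):
    """Reverse-lookup zone name for a prefix that ends on a label boundary."""
    net = ipaddress.ip_network(prefix)
    step = 4 if net.version == 6 else 8       # bits per label: nibble or octet
    if net.prefixlen % step:
        raise ValueError("prefix is not on a label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    total = net.max_prefixlen // step
    return ".".join(labels[total - net.prefixlen // step:])

def check(value, recursor_version, auth_listen=AUTH_LISTEN):
    """List the problems a forward-zones value would cause on this setup."""
    problems = []
    for zone, targets in parse_forward_zones(value).items():
        for ip in targets:
            if ip not in auth_listen:
                problems.append(f"{zone}: {ip} is not an address named listens on")
            # Assumption from the post's update: IPv6 forwarders need >= 3.2.
            if ip.version == 6 and recursor_version < (3, 2):
                problems.append(f"{zone}: IPv6 forwarder needs pdns-recursor >= 3.2")
    return problems

if __name__ == "__main__":
    for version in ((3, 1, 4), (3, 3)):
        print(version, check(FORWARD_ZONES, version) or "ok")
```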

Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.