On 07/05/2025 09:04, Nacho Oppo via Pdns-users wrote:
> The goal is to configure PowerDNS so that it first checks an A record
> in a MySQL backend, and if the record is not found or if the database
> does not respond, it should forward the query to an external DNS
> server, such as Google's (8.8.8.8).

Firstly, be clear: are you talking about PDNS Recursor or Authoritative
Server? Those are two completely different roles in the DNS, and
PowerDNS provides two separate pieces of software.

If what you're trying to provide is a hidden view of a domain, which is
different from what the Internet at large is seeing, then you would
implement it on whatever local recursor the client is using. Probably
the best way to do that is with a Response Policy Zone (RPZ) to override
specific names:

https://www.isc.org/rpz/
https://blog.powerdns.com/2016/06/28/response-policy-zone-support-in-powerdns-recursor
https://doc.powerdns.com/recursor/lua-config/rpz.html

This provides exactly what you ask for: synthesise a result if the
answer is given by the RPZ, and fall back to normal recursive behaviour
if not.

As far as I can tell, the RPZ feature in PDNS recursor can't query MySQL
directly, but the RPZ can be retrieved using AXFR/IXFR, so in principle
you could set up a separate PDNS authoritative server with MySQL backend
to serve the RPZ.

Otherwise: if you were thinking of doing this query manipulation on an
authoritative server: don't. An authoritative server should never
forward a query to a recursor, with the possible exception of expanding
ALIAS records (which aren't real RRs anyway). Think about it: if your
server were properly authoritative for a domain, the Google recursor on
8.8.8.8 could end up sending the query back to the same server.
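
The override-then-fall-back behaviour described in the reply above can be modelled in a few lines. This is an added example, not part of the original message and not PowerDNS code: a simplified Python model of RPZ QNAME-trigger matching, in which the zone name, the records and the function names are all constructed for illustration.

```python
# Simplified model of RPZ QNAME-trigger lookup; not PowerDNS code.
# Zone name and records below are constructed sample data.
RPZ_ZONE = "rpz.internal.example."  # real owner names are <trigger>.<RPZ_ZONE>
RPZ_RECORDS = """
app.example.com      A      10.20.0.15
*.dev.example.com    A      10.20.0.99
blocked.example.net  CNAME  .
quiet.example.net    CNAME  *.
ok.dev.example.com   CNAME  rpz-passthru.
"""
# Special CNAME targets that encode a policy action instead of local data.
SPECIAL = {".": "nxdomain", "*.": "nodata", "rpz-passthru.": "recurse"}

def load_rpz(text):
    """Parse 'owner type rdata' lines; owners are written relative to RPZ_ZONE."""
    policy = {}
    for line in text.strip().splitlines():
        owner, rtype, rdata = line.split()
        policy[owner.lower().rstrip(".")] = (rtype.upper(), rdata)
    return policy

def find_trigger(policy, qname):
    """Exact match wins; otherwise use the closest enclosing wildcard."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None

def resolve(policy, qname, qtype="A"):
    """Return (action, data); 'recurse' means normal recursion proceeds."""
    hit = find_trigger(policy, qname)
    if hit is None:
        return ("recurse", None)        # name not in the RPZ: fall back
    rtype, rdata = hit
    if rtype == "CNAME" and rdata in SPECIAL:
        return (SPECIAL[rdata], None)   # policy action, no synthesised data
    if rtype in (qtype, "CNAME"):
        return ("local-data", rdata)    # answer synthesised from the RPZ
    return ("nodata", None)             # name overridden, but not this type
```

Note the last case: once a name has local data in the RPZ, a query for a record type that is not listed gets an empty answer rather than falling through to recursion, so every type clients need must be present in the policy zone.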