Open sshipway opened 4 years ago
I had big problems when upgrading to newer PDNS within my org with hundreds of zones, but this big problem had a somewhat simple and stupid workaround though:
Hourly cronjob that fetches whatever is in the authoritative database:
#!/bin/bash
su -c 'psql -d pdns -t -c "select name from domains"' postgres |sed '/^$/d'|awk '{print $1"=127.0.0.1:6666"}' > /opt/dns-forwardfile/forward.dns
rec_control reload-zones
then in recursor conf:
forward-zones-file=/opt/dns-forwardfile/forward.dns
It's not very bulletproof and could potentially create sad tears when the file is all of a sudden empty. I would love to automate this in a safer way.
@pentiumoverdrive -- I am currently doing similar, except that instead of using psql to get the domain list I'm using pdns_control list-zones (with a bit more shell wrapped around to make sure I don't accidentally erase the forwards file if something goes wrong). Works, but not ideal and I would like to see this functionality integrated into pdns-recursor.
Short description
The Recursor currently allows forward rules to be specified using explicit zones, or a file. It would be very helpful (for smaller installations) to also support the API of a Resolver as the source -- i.e. forward all requests for Zones handled by this resolver to this resolver.
Usecase
Small organisations will likely use a single Resolver. The latest version of pdns now means it is necessary to also have a recursor installed, but this then needs to know the domains to send to the resolver - if you have split DNS or unadvertised local slaves then just following NS records won't work. Allowing the Resolver to automatically configure itself from the API would make this much simpler than having to have a separate cronjob exporting to a file which is then loaded.
Description
In the recursor.conf, have an option similar to forward-pdns=127.0.0.1:8081:secret=127.0.0.1:5300
This would mean "connect to the PDNS API on 127.0.0.1:8081, using API key 'secret', and identify the Zones on that server. Any queries for these zones, forward to 127.0.0.1:5300"
It would also be necessary to refresh this periodically (possibly a separate setting for frequency) in case of new zones being added.
We can achieve a similar effect using a periodic cronjob to do pdns_control list-zones into a file and then call rec_control reload-zones, but it would be preferable to have this functionality built-in.
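
A guarded form of the cron workaround discussed in this thread, as an added example that is not part of any post here: it validates the zone list, refuses to install an empty or too-short result, and swaps the file in atomically so the recursor never reloads a half-written file. The function name `build_forward_file` and its `MIN_ZONES` argument are hypothetical; the path and forwarder address are the ones quoted in the comment above.

```bash
#!/bin/bash
# Added example (not from the thread). The function name and MIN_ZONES
# argument are assumptions made for illustration.

# build_forward_file TARGET FORWARDER [MIN_ZONES] < zone-list
# Reads one zone per line on stdin and installs "zone=FORWARDER" lines at
# TARGET. Returns non-zero, leaving TARGET untouched, if too few valid zones.
build_forward_file() {
    local target=$1 forwarder=$2 min=${3:-1} tmp count
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    # Trim whitespace and a trailing dot, then keep only lines that look
    # like a DNS name, so error text or other non-name lines never reach
    # the recursor. sort -u drops duplicates.
    awk -v fwd="$forwarder" '
        { gsub(/^[ \t]+|[ \t]+$/, ""); sub(/\.$/, "") }
        /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/ { print $0 "=" fwd }
    ' | sort -u > "$tmp"

    count=$(( $(wc -l < "$tmp") ))
    if [ "$count" -lt "$min" ]; then
        echo "refusing to install: $count valid zones (< $min)" >&2
        rm -f "$tmp"
        return 1
    fi

    chmod 0644 "$tmp"
    mv -f "$tmp" "$target"   # temp file is in the same directory: atomic rename
}

# Cron usage (reload only when a new file was actually installed):
#   pdns_control list-zones \
#     | build_forward_file /opt/dns-forwardfile/forward.dns 127.0.0.1:6666 \
#     && rec_control reload-zones
```

Setting `MIN_ZONES` to a value close to the expected zone count also catches a truncated list, not only an empty one.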