LinuxQuestions.org


peace18 03-08-2011 11:24 AM

PowerDNS /localhost recursion/cache/iptables
 
Hello,

I am a newbie in Linux.

I have Fedora 13 OS 32 bits.

I am working with PowerDNS and Poweradmin.


How can I configure this with PowerDNS?

1. Allow localhost recursion but deny recursion to external clients.
Is there a tutorial for that?

2. Set up cache nameserver for localhost (like caching-nameserver in Bind).
Is there a tutorial for that?

3. My Master Server with PowerDNS is working well from localhost
but external clients cannot access it.

I have iptables with these rules:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# PowerDNS for external clients
-A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

COMMIT



Are they ok? Should I add something else in iptables?

Thanks

timetraveler 03-09-2011 10:32 AM

I have only recently started using the PowerDNS recursor locally.
On your box make an eth iface alias, give it a lan address and have your pdns recursor listen on that address.
For your authoritative pdns you probably want to run it in a chroot.

But really it seems you should stop, step back and define your config at a high-level.

Questions to consider and answer to yourself:
Do lan hosts talk to the auth dns and the recursor?
Does the wan and lan use different ifaces?

Just a drawing on paper can go a long way.

I have not used poweradmin or powerdns auth dns, only recursor.
Also haven't looked at Fedora in a year or so and probably never will again.
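
A way to verify point 1 of the question (recursion answered for localhost, not for external clients), added here as an example and not part of either post: it sends a query with the RD bit set and reads the RA flag and RCODE of the reply. Run it on the server against 127.0.0.1 and from an outside host against the server's public address; the function names and the two sample replies are constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits
REFUSED = 5                          # RCODE a server uses to decline a query

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=0x1234):
    """Return 'recursion-offered', 'recursion-denied' or 'invalid' for a raw reply."""
    if len(response) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & QR:  # wrong ID, or not a response at all
        return "invalid"
    # Recursion is on offer when the server sets RA and does not refuse the query.
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "recursion-offered"
    return "recursion-denied"

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53; 'no-answer' means nothing came back
    (for example the packet was dropped by a firewall or by the daemon)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # includes socket.timeout
            return "no-answer"
    return classify(data)

# Constructed sample replies (header plus echoed question), not captured traffic.
_Q = build_query("example.com")[12:]
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _Q   # QR, RD, REFUSED
SAMPLE_RECURSED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _Q  # QR, RD, RA, NOERROR

if __name__ == "__main__":
    import sys
    for srv in sys.argv[1:]:
        print(srv, probe(srv))
```

The expected outcome for the setup asked about is "recursion-offered" for 127.0.0.1 and "recursion-denied" or "no-answer" from outside.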

