LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-08-2011, 12:24 PM   #1
peace18
LQ Newbie
 
Registered: Feb 2011
Posts: 19

Rep: Reputation: 0
PowerDNS /localhost recursion/cache/iptables


Hello,

I am a newbie in Linux.

I have Fedora 13 OS 32 bits.

I am working with PowerDNs and Poweradmin.


How can I configure this with PowerDNS?

1. Allow localhost recursion but deny recursion to external clients.
Is there a tutorial for that?

2. Set up cache nameserver for localhost (like caching-nameserver in Bind).
Is there a tutorial for that?

3. My Master Server with PowerDNS is working well from localhost
but external clients cannot access it.

I have iptables with these rules:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# PowerDNS for external clients
-A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

COMMIT



Are they ok? Should I add something else in iptables?

Thanks
 
Old 03-09-2011, 11:32 AM   #2
timetraveler
Member
 
Registered: Apr 2010
Posts: 243
Blog Entries: 2

Rep: Reputation: 31
I only have recently started using powerdns recursor locally.
On your box make an eth iface alias, give it a lan address and have your pdns recursor listen on that address.
For your authoritative pdns you probably want to run it in a chroot.

But really it seems you should stop, step back and define your config at a high-level.

Questions to consider and answer to yourself:
Do lan hosts talk to the auth dns and the recursor?
Does the wan and lan use different ifaces?

Just a drawing on paper can go a lng way.

I have not used poweradmin or powerdns auth dns, only recursor.
Also haven't looked at fedora in a year or so and probably never will again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES bounce outbound IP back to localhost clunk Linux - Networking 2 10-05-2009 03:19 AM
PowerDNS recursion rozilla Linux - Server 1 10-25-2008 07:25 PM
Bind Iptables can't access out of localhost wspivak Linux - Server 4 03-26-2008 09:28 PM
iptables: if connected to localhost, forward to remote ip sl_king Linux - Networking 4 08-19-2005 07:52 PM
tar: '--no-recursion' option doesn't prevent recursion Earl Parker II Slackware 12 08-17-2004 03:49 AM


All times are GMT -5. The time now is 01:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration