LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page PowerDNS /localhost recursion/cache/iptables
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-08-2011, 11:24 AM   #1
peace18
LQ Newbie
 
Registered: Feb 2011
Posts: 19

Rep: Reputation: 0
PowerDNS /localhost recursion/cache/iptables

Hello,

I am a newbie in Linux.

I have Fedora 13 OS 32 bits.

I am working with PowerDNs and Poweradmin.


How can I configure this with PowerDNS?

1. Allow localhost recursion but deny recursion to external clients.
Is there a tutorial for that?

2. Set up cache nameserver for localhost (like caching-nameserver in Bind).
Is there a tutorial for that?

3. My Master Server with PowerDNS is working well from localhost
but external clients cannot access it.

I have iptables with these rules:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# PowerDNS for external clients
-A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

COMMIT


Are they ok? Should I add something else in iptables?

Thanks
 
Old 03-09-2011, 10:32 AM   #2
timetraveler
Member
 
Registered: Apr 2010
Posts: 243
Blog Entries: 2

Rep: Reputation: 31
I only have recently started using powerdns recursor locally.
On your box make an eth iface alias, give it a lan address and have your pdns recursor listen on that address.
For your authoritative pdns you probably want to run it in a chroot.

But really it seems you should stop, step back and define your config at a high-level.

Questions to consider and answer to yourself:
Do lan hosts talk to the auth dns and the recursor?
Does the wan and lan use different ifaces?

Just a drawing on paper can go a lng way.

I have not used poweradmin or powerdns auth dns, only recursor.
Also haven't looked at fedora in a year or so and probably never will again.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES bounce outbound IP back to localhost clunk Linux - Networking 2 10-05-2009 02:19 AM
PowerDNS recursion rozilla Linux - Server 1 10-25-2008 06:25 PM
Bind Iptables can't access out of localhost wspivak Linux - Server 4 03-26-2008 08:28 PM
iptables: if connected to localhost, forward to remote ip sl_king Linux - Networking 4 08-19-2005 06:52 PM
tar: '--no-recursion' option doesn't prevent recursion Earl Parker II Slackware 12 08-17-2004 02:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:21 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration