Recursion, forwarders and server configuration in general

Michael Kjorling michael at kjorling.com
Mon Oct 1 16:08:03 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Oct 1 2001 08:13 -0700, Bilbo Baggins wrote:

> Let's consider the following environment:
>
> ** NSa
> Holds data for foo.com as a master
> Has forward-only set up, and forwarders point to NSb
>
> ** NSb
> Holds data for foo.com as a slave
>
> ** RS1
> Host whose resolver is pointing to NSa. The resolver asks recursive
> queries.

You shouldn't point a resolver to an authorative name server if you
can avoid it, but let's skip that for the moment.


> ## Question 1 (just a confirmation):
> Queries from RS1 regarding www.foo.com will be addressed directly from
> NSa?
> I suppose yes.

Yes. Unless www.foo.com is delegated to some other server, in which
the answer will be a referral if NSa does not perform recursion on
behalf of RS1 or RS1 did not request recursion (rd flag cleared in
query). If NSa performs recursion and RS1 did request that a recursive
query should be made, then the answer will consist of exactly the data
asked for.


> ## Question 2 (just a confirmation):
> Queries from RS1 regarding www.bar.com will still be treated by NSa in
> a recursive way? That is, RS1 won't have to bother contacting NSb,
> correct?
> I suppose yes.

See above. RS1 is free to ask recursive queries or non-recursive
queries; NSa will never perform recursion unless asked, and even if it
is asked to may deny that depending on its settings with regards to
recursion availability.


> ## Question 3 (another confirmation...):
> In case the answer to the previous question (no. 2) is yes, the query
> originating from NSa to NSb will be recursive?
> I suppose yes.

Why should the master server query its slave in the first place? NSb
was never authorative for bar.com.


> ## Question 4 (last but not least!):
> In case answer to question no. 3 is yes, is the use of forwarding the
> only way to tell NSa to perform recursive queries?

A recursive resolver (unlike a stub resolver) will work its way
downwards starting wherever it has delegation data at the moment, if I
have done my homework right. So if I ask about www.bar.com., and the
name server in question has delegation records for com. cached, it
will go like this:

	* to com. servers asking for www.bar.com., receiving referral to bar.com. servers
	* to bar.com. servers asking for www.bar.com., receiving response

So I belive the answer to this question would be yes; the only way you
can force a name server to make actual _recursing_ queries would be
forwarding - depending on the implementation of course. And a DNS
server is always free not to recurse; you have to be able to handle a
referral response.


> Thank to all even for reading this post,
>
>    BB
>
> PS: My e-mail address is correct, if you want to answer in private
> too.

You're welcome.


Michael Kjörling

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

***** Please only send me emails which concern me *****


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For my PGP key: http://michael.kjorling.com/contact/pgp.html

iD8DBQE7uJTmKqN7/Ypw4z4RAmElAKC5jlnnk4VRiVYJokd+vrHLeKPfxQCfZN+r
lsq/Uv6Vipexf4OEibZskJA=
=r5ml
-----END PGP SIGNATURE-----




More information about the bind-users mailing list