dns delegation and recursion

Mark Andrews Mark_Andrews at isc.org
Tue Feb 28 21:24:55 UTC 2006


> On Mon, 27 Feb 2006 20:51:10 -0500
> Barry Margolin <barmar at alum.mit.edu> wrote:
> 
> > In article <dtumto$1pup$1 at sf1.isc.org>,
> >  (TM)U?II? ?OU?I?IE <skor at hellug.gr> wrote:
> > 
> > > Hi all.
> > > 
> > > I have an authoritative only dns server running bind 9.
> > > Is there any way I can permit recursion for specific zones?
> > > For example I have a zone example.com which delegates some sub
> > > domains to other nameservers.
> > > sub.example.com.	IN NS other.dns.server.
> > > 
> > > I prefer not to enable recursion globaly.
> > 
> > Why do you think you need this?  The queries that come in to your
> > server will most likely not have the Recursion Desired flag set.  So
> > even if you allowed recursion, it wouldn't be requested so you
> > wouldn't do it.
> > 
> 
> 
> Thanx for you reply.
> Well it seems that with no recursion, this doesn't work. I was able to
> get a correct response only when I enabled recursion.

	And were you asking with recursion desired set or not.  Most
	tools default to asking with recursion desired set and if you
	are directly querying the parent server you need recursion
	desired to no be set.

	e.g.
		dig ns sub.example.com +norec @parent

	This will return a referral.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list