dns delegation and recursion

Kevin Darcy kcd at daimlerchrysler.com
Wed Mar 1 17:42:09 UTC 2006


Stella Korakaki wrote:

>On Mon, 27 Feb 2006 20:51:10 -0500
>Barry Margolin <barmar at alum.mit.edu> wrote:
>
>  
>
>>In article <dtumto$1pup$1 at sf1.isc.org>,
>> (TM)U?II? ?OU?I?IE <skor at hellug.gr> wrote:
>>
>>    
>>
>>>Hi all.
>>>
>>>I have an authoritative only dns server running bind 9.
>>>Is there any way I can permit recursion for specific zones?
>>>For example I have a zone example.com which delegates some sub
>>>domains to other nameservers.
>>>sub.example.com.	IN NS other.dns.server.
>>>
>>>I prefer not to enable recursion globaly.
>>>      
>>>
>>Why do you think you need this?  The queries that come in to your
>>server will most likely not have the Recursion Desired flag set.  So
>>even if you allowed recursion, it wouldn't be requested so you
>>wouldn't do it.
>>
>>    
>>
>
>
>Thanx for you reply.
>Well it seems that with no recursion, this doesn't work. I was able to
>get a correct response only when I enabled recursion.
>
OK, then it seems that you're mixing authoritative-nameserver functions 
(where iterative resolvers, issuing non-recursive queries, work their 
way down the delegation tree) with resolver functions (where the server, 
receiving recursive queries, does all of the work on behalf of the 
clients it serves). Either you should separate those functions 
(preferred), or, failing that, you're going to have to give up your 
preference for not enabling recursion globally.

- Kevin




More information about the bind-users mailing list