Recursion off\forward
Kevin Darcy
kcd at daimlerchrysler.com
Sat Nov 4 00:37:55 UTC 2006
Mark Andrews wrote:
>> We are running a bind 9.2.4 on a Solaris 10 box for internal only use.
>> Here is the senario.
>>
>> When I have rescursion off and I have the following statement
>>
>> zone "developmentrim.com" {
>> type forward;
>> forwarders { 10.222.222.22; };
>> };
>>
>> and I perform a lookup for developmentrim.com I do not get a response
>>
>> however I can perform the same lookup against the 10.222.222.22 with a
>> positive response.
>> ---
>> I then turn recursion on and it work fine.
>>
>> Is there a way to have recusion off and a forward zone working?
>>
>
> No.
>
>
To expand on that a little, you're essentially asking for BIND to
support mutually-contradictory modes of operation. "recursion no"
basically means "answer only from one's own authoritative zones,
otherwise respond with a referral", and forwarding basically means "go
out and fetch the data and return it, if the answer is *not*already*in*
one's authoritative zones or in the cache". Since a given answer can't
be both in and not in a nameserver's authoritative data simultaneously,
you can't really mix forwarding with no-recursion.
Frankly I'm not sure why anyone would turn off recursion for an
internal-only box anyway, except (as in our case, with respect to one
particular box) as a way to discourage folks from misconfiguring their
stub resolvers to point to it.
- Kevin
More information about the bind-users
mailing list