Recursion no

Mark Andrews Mark_Andrews at isc.org
Thu Nov 16 22:01:29 UTC 2006


> Do you know how you would go about locking down your advertising DNS
> servers by turning recursion off but still allowing some CNAMEs to
> resolve to other external non authoritative.

	You just turn recursion off.  Iterative resolvers know how
	to handle the answers and follow the CNAMEs themselves.
 
> For example you are advertising the domain 
> 
> hello.com
> 
> In the zone file it contains
> 
> Test		IN	A	142.142.14.2
> More		IN	A	142.142.14.3
> Again		IN	A	142.142.14.4
> Out		IN	CNAME	somexternal.domain.com.
> Nice		IN	A	142.146.144.5
> Outside	IN	CNAME yahooos.yahoo.com.
> 
> The hostname outside.hello.com. will not resolve as my server is
> non-recursive, also out.hello.com. will also not resolve. How would I be
> able to work around this situation in order to protect my DNS server
> from performing recursive lookups to the rest of the world.
> 
> Thanks
> Nick
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
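
The behaviour the reply describes, as an added Python model that is not part of the original post and not BIND code: an authoritative-only server hands back the CNAME from its own zone, and the iterative resolver restarts the query at the target. The addresses for the external names and the `SERVERS` delegation map are constructed for illustration.

```python
# Constructed model: each server answers only from its own zone (recursion no).
HELLO = {  # zone hello.com., records taken from the post
    "test.hello.com.": ("A", "142.142.14.2"),
    "out.hello.com.": ("CNAME", "somexternal.domain.com."),
    "outside.hello.com.": ("CNAME", "yahooos.yahoo.com."),
}
DOMAIN = {"somexternal.domain.com.": ("A", "192.0.2.10")}  # constructed address
YAHOO = {"yahooos.yahoo.com.": ("A", "192.0.2.20")}        # constructed address

# Hypothetical delegation map standing in for root/TLD referrals.
SERVERS = {"hello.com.": HELLO, "domain.com.": DOMAIN, "yahoo.com.": YAHOO}


def authoritative_answer(zone, qname):
    """Answer from local zone data only; never chase a CNAME target elsewhere."""
    return zone.get(qname.lower(), ("NXDOMAIN", None))


def find_zone(qname):
    """Return the server for the closest enclosing zone, or None."""
    labels = qname.lower().split(".")
    for i in range(len(labels)):
        apex = ".".join(labels[i:])
        if apex in SERVERS:
            return SERVERS[apex]
    return None


def resolve(qname, max_chain=8):
    """Iterative resolver: follow each CNAME itself, bounded to stop loops."""
    chain = []
    for _ in range(max_chain):
        zone = find_zone(qname)
        if zone is None:
            return chain, None
        rtype, rdata = authoritative_answer(zone, qname)
        if rtype == "A":
            return chain, rdata
        if rtype != "CNAME":
            return chain, None          # NXDOMAIN or unsupported type
        chain.append((qname, rdata))    # record the alias, then requery the target
        qname = rdata
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    for name in ("outside.hello.com.", "out.hello.com.", "test.hello.com."):
        print(name, resolve(name))
```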


