Delegation and recursion

Angela Perez perez.angela7 at
Sun May 9 11:31:07 UTC 2010


I'm just writing to confirm that I have the correct understanding of
the relationship between delegation and recursion.

A bit of background: I'm responsible for an Internet-facing server
that has the following requirements. It should support recursion for
known (DMZ) clients and it should not support recursion for unknown
clients. It should also delegate subdomains to other name servers in
the organisation, for both known and unknown clients.

The issue is that if recursion is not allowed for external clients,
delegation breaks (i.e. results in "No answer" from nslookup which I
believe is a referral). Which kinda makes sense, if a query that is
delegated to another nameserver is classified as recursive rather than

The question is, what is the preferred solution to this situation i.e.
an external-facing nameserver that should not provide recursion but
delegate some of its subdomains to other nameservers that are
authoritative for them [subdomains].

A workaround is to set up the external nameserver as a slave for the
subdomains but is there any better solution?

Thank you in advance for reading my post, and I apologise if this is a
naive question but I couldn't find an answer in the BIND book or
manuals (perhaps the question is ill-posed). Recursion and delegation
are covered as separate topics, but from a resolver's perspective they
seem to be related (if not the same).
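
What a delegation referral looks like on the wire, as an added example that is not part of the original post: a response with RCODE NOERROR, an empty answer section, NS records in the authority section and the AA bit clear is a referral, which is distinct from a REFUSED response. All names, addresses and message bytes below are constructed sample data, and the function names are hypothetical.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_response(qname, flags, answers=(), authority=()):
    """Build a minimal DNS response; records are (owner, rtype, rdata) tuples."""
    records = b""
    for owner, rtype, rdata in list(answers) + list(authority):
        records += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1) + records  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Classify a response as 'answer', 'referral', 'refused' or 'other'."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    if rcode == 5:
        return "refused"
    if rcode != 0:
        return "other"
    if an > 0:
        return "answer"
    off = 12
    for _ in range(qd):                 # skip the question section
        off = skip_name(msg, off) + 4
    authority_types = []
    for _ in range(ns):                 # collect record types in the authority section
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        authority_types.append(rtype)
        off += 10 + rdlen
    # Referral: not authoritative for the name, but NS (type 2) records point further down
    return "referral" if (not aa and 2 in authority_types) else "other"

# Constructed samples: QR=0x8000, AA=0x0400, RD=0x0100; low 4 bits are the RCODE
REFERRAL = build_response("host.sub.example.com", 0x8100,
                          authority=[("sub.example.com", 2, encode_name("ns1.sub.example.com"))])
ANSWER = build_response("www.example.com", 0x8500,
                        answers=[("www.example.com", 1, bytes([192, 0, 2, 10]))])
REFUSED = build_response("www.example.org", 0x8105)
```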

