Delegation and recursion

Gary Wallis wgg1970 at
Sun May 9 12:28:29 UTC 2010

Angela Perez wrote:
> Hi,
> I'm just writing to confirm that I have the correct understanding of
> the relationship between delegation and recursion.
> A bit of background: I'm responsible for an Internet-facing server
> that has the following requirements. It should support recursion for
> known (DMZ) clients and it should not support recursion for unknown
> clients. It should also delegate subdomains to other name servers in
> the organisation, for both known and unknown clients.
> The issue is that if recursion is not allowed for external clients,
> delegation breaks (i.e. results in "No answer" from nslookup which I
> believe is a referral). Which kinda makes sense, if a query that is
> delegated to another nameserver is classified as recursive rather than
> iterative.
> The question is, what is the preferred solution to this situation i.e.
> an external facing nameserver that should not provide recursion but
> delegate some of its subdomains to other nameservers that are
> authoritative for them [subdomains].
> A workaround is to set up the external nameserver as a slave for the
> subdomains but is there any better solution?
> Thank you in advance for reading my post, and apologise if this is a
> naive question but I couldn't find an answer in the BIND book or
> manuals (perhaps the question is ill-posed). Recursion and delegation
> are covered as separate topics, but from a resolver's perspective they
> seem to be related (if not the same).
> --angela
> _______________________________________________
> bind-users mailing list
> bind-users at

You need to implement views. See BIND9 ARM.

You probably should use a BIND management system to help you organize 
all your enterprise NSs and DNS data.



More information about the bind-users mailing list