DNS requests with Rd flag cleared

Fri Nov 4 16:21:31 UTC 2011

I have noticed that every request sent by a BIND recursive DNS server
during its iterative process is sent with rd flag cleared.

I also noticed that when a zone is of type "forward", the forward is not
done for requests received with rd flag cleared.


In that situation any DNS authoritative server receiving such requests
(with rd flag cleared) is supposed to answer with NS records and will
never be able either to transmit any recursive request or to forward
the request to some other DNS server.

In some situations this may cause some trouble as discussed below.


Suppose that my organization has one authoritative DNS server (let's
call it DNS1) for the zone "myzone.fr" configured in such a way that the
subzone "subzone1.myzone.fr" is delegated to another authoritative DNS
server (let's say DNS2).


Suppose also that, for security reasons, DNS2 is configured to respond to
requests issued by DNS1 only.


In that situation each request for "subzone1.myzone.fr" coming from a
"third party" recursive DNS server (ISP cache server for example) will
never reach DNS2.

I have tried the "static-stub" type but this doesn't fill my need...


Are there some possibilities to force a recursive DNS to perform its
recursive process even for requests received with rd flag cleared?


Thanks !!
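
Added example, not part of the original post: a small Python encoder/decoder for the RD bit the message is about, useful for checking in a capture whether a query arriving at DNS1 is a client-style query (RD set) or a resolver's iterative query (RD cleared). The name "host.subzone1.myzone.fr" is a constructed sample built on the zone named in the post, and the function names are hypothetical.

```python
import struct

RD_MASK = 0x0100  # Recursion Desired bit in the 16-bit DNS header flags (RFC 1035)
QR_MASK = 0x8000  # set on responses, clear on queries

def build_query(qname, qtype=1, rd=True, txid=0x1234):
    """Encode a one-question DNS query; rd selects the Recursion Desired bit."""
    header = struct.pack("!HHHHHH", txid, RD_MASK if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_query(wire):
    """Return (qname, rd) from a wire-format query; ValueError if malformed."""
    if len(wire) < 12:
        raise ValueError("truncated header")
    _, flags, qdcount = struct.unpack("!HHH", wire[:6])
    if flags & QR_MASK or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        n = wire[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(wire):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(wire[pos:pos + n].decode("ascii"))
        pos += n
    return ".".join(labels) + ".", bool(flags & RD_MASK)

def classify(wire):
    """Label a query by its RD bit: 'recursive' (RD=1) or 'iterative' (RD=0)."""
    qname, rd = parse_query(wire)
    kind = "recursive" if rd else "iterative"
    return qname, kind

if __name__ == "__main__":
    # Constructed sample name under the zone from the post.
    for rd in (True, False):
        print(classify(build_query("host.subzone1.myzone.fr", rd=rd)))
```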




