"Recursive no;" implications?
Steven Carr
sjcarr at gmail.com
Tue Jan 21 09:17:28 UTC 2014
On 21 January 2014 09:03, LuKreme <kremels at kreme.com> wrote:
> If you set recursion no; in named.conf, you need to set the forwarders as well. Is there anything else that must be done so that DNS queries still work?
Forwarding will not work if you don't have recursion enabled. With
recursion disabled you are a pure authoritative server, you will only
answer queries to which you are serving data for.
> If you have master/slave servers you should specify allow-recursion for your subnet instead, right? I'd you do this, you don't need to set forwarders, yes?
Recursion has no effect with the master/slave relationship. Recursion
is only needed if clients need to be able to resolve names and you
want your nameserver to lookup that answer for them. If you have
recursion enabled then no you don't need to specify forwarders, but
you do need to ensure your nameservers have full outbound DNS to the
Internet (and all of the Internet) and it isn't blocked by any
firewall.
> And finally, can you specify a slave DNS against a CNAME or must it have a rDNS and an A record?
No, http://tools.ietf.org/html/rfc2181 - Section 10.3: The domain name
used as the value of a NS resource record, or part of the value of a
MX resource record must not be an alias.
More information about the bind-users
mailing list