Can we provide recursion for forward zones in response to iterative queries?

Tony Finch dot at dotat.at
Mon Apr 6 10:23:41 UTC 2020


> Because the AD domain controllers already own 10.in-addr.arpa, they
> refuse to allow us to configure conditional forwarding for its
> subdomains. So we delegated the subdomains to the inbound endpoints.
> Because they are delegations, the domain controllers set the recursion
> desired flag to 0 on the queries they send to the endpoints, and we are
> not getting replies from the endpoints.

Yuck, what a horrible problem. I don't know of any easy solutions, but I
can think of two difficult ones:

  * Reconfigure everything to use BIND for recursive DNS instead of AD.

  * Try using dnsdist - except that as far as I can tell from its
    documentation it can force RD=0 but not RD=1, so you'll need to patch
    it to get the functionality you need.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Tyne, Dogger: South 5 or 6, veering west or southwest 3 or 4. Moderate
occasionally rough at first, becoming slight. Rain at first. Good,
occasionally poor at first.
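
The behaviour the second option needs (forcing RD=1 on queries before they reach the endpoint), sketched as an added example that is not part of the original message and is not dnsdist code. The function names and the listen and upstream addresses are assumptions, and the sample query is constructed.

```python
import socket
import struct

RD_MASK = 0x0100  # "recursion desired" bit in the 16-bit header flags word
QR_MASK = 0x8000  # set on responses, clear on queries

def build_query(name, qtype=12, rd=False, txid=0x1234):
    """Constructed sample input: a minimal DNS query (qtype 12 = PTR, class IN)."""
    header = struct.pack("!HHHHHH", txid, RD_MASK if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def recursion_desired(msg):
    """True if the RD bit is set in the message header."""
    return bool(struct.unpack("!H", msg[2:4])[0] & RD_MASK)

def force_rd(msg):
    """Return msg with RD=1 if it is a query; responses and runts pass unchanged."""
    if len(msg) < 12:  # shorter than a DNS header
        return msg
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & QR_MASK:
        return msg
    return msg[:2] + struct.pack("!H", flags | RD_MASK) + msg[4:]

def relay(listen_addr, upstream_addr, timeout=3.0):
    """UDP-only relay, one query at a time: set RD=1, forward, return the reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(listen_addr)
    while True:
        query, client = srv.recvfrom(4096)
        up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        up.settimeout(timeout)
        try:
            up.sendto(force_rd(query), upstream_addr)
            reply, _ = up.recvfrom(4096)
            srv.sendto(reply, client)  # reply is passed back unmodified
        except socket.timeout:
            pass  # no answer from upstream: drop, the client will retry
        finally:
            up.close()

if __name__ == "__main__":
    # Placeholder addresses (assumptions), not values from the thread.
    relay(("127.0.0.1", 5353), ("192.0.2.53", 53))
```

This handles UDP only, and rewriting the header would invalidate a TSIG signature on a signed query.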


More information about the bind-users mailing list