Question About Recursion In A Split Horizon Setup

Tim Daneliuk tundra at
Thu Apr 16 23:16:04 UTC 2020

We have split horizon setup and enable our internal and trusted hosts
to do things as follows:

    allow-recursion { trustedhosts; };
    allow-transfer  { trustedhosts; };

'trustedhosts' includes a number of public facing IPs as well as the
192.168.0/24 CIDR block.  It also includes the IPs of the Master and
Slave bind servers.

So here's the part that has me wondering.  If I do a reverse lookup of
an IP, it works as expected _except_ if I do it on either the Master
or Slave machines. They will not only look up reverses on our
own IPs, they won't do it for ANY IP and returns the warning:

    WARNING: recursion requested but not available

This is replicable with 9.14 or 9.16 (or was until today's assert borkage)
running on FreeBSD 11.3-STABLE.  Master is on a cloud server, Slave is
on a physical machine.  Neither instance is jailed.


Tim Daneliuk     tundra at
PGP Key:

More information about the bind-users mailing list