Question About Recursion In A Split Horizon Setup

Bob Harold rharolde at
Fri Apr 17 12:26:52 UTC 2020

On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk <tundra at> wrote:

> We have split horizon setup and enable our internal and trusted hosts
> to do things as follows:
>     allow-recursion { trustedhosts; };
>     allow-transfer  { trustedhosts; };
> 'trustedhosts' includes a number of public facing IPs as well as the
> 192.168.0/24 CIDR block.  It also includes the IPs of the Master and
> Slave bind servers.
> So here's the part that has me wondering.  If I do a reverse lookup of
> an IP, it works as expected _except_ if I do it on either the Master
> or Slave machines. They will not only look up reverses on our
> own IPs, they won't do it for ANY IP and returns the warning:
>     WARNING: recursion requested but not available
> This is replicable with 9.14 or 9.16 (or was until today's assert borkage)
> running on FreeBSD 11.3-STABLE.  Master is on a cloud server, Slave is
> on a physical machine.  Neither instance is jailed.
> Ideas?
> --
> ----------------------------------------------------------------------------
> Tim Daneliuk     tundra at
> PGP Key:

Is in the 'trustedhosts' list?
Are you telling 'dig' what server to use  - dig @
What servers are listed in /etc/resolv.conf?  Do they resolve the reverse
Are local queries hitting the right 'view' (if you have multiple views) ?

Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list