forwarding zone setup from a BIND slave (without recursion?)
bind-users at lists.roth.lu
Wed Apr 7 08:59:30 UTC 2021
On 4/7/2021 10:35 AM, Matus UHLAR - fantomas wrote:
> On 06.04.21 22:47, RK K wrote:
>> In this scenario, in order for the secondary server to forward the DNS
>> query to an external DNS server, is it required to enable recursion in
>> the global options on the secondary servers?

To elaborate a little bit on that... Indeed that is how it works,
unfortunately. When you start using forwarders or stubs, recursion needs
to be enabled because you're no longer looking for your own
authoritative data only.

What I've learned from this list is that you should split authoritative
and recursive service.

In other words, you need two types of servers:

1) A non-recursive one in the backend containing your authoritative
zones only. This can be a hidden master setup, somewhat like what you
are using now.

2) The one your users access has recursion enabled, and contains stubs
to the authoritative service. Obviously, it can also contain stubs (or
forwarders) to anywhere else. At the same time it is performing full
recursive service unless you take authority for the root zone.

May I ask what is the reasoning behind your current setup (pointing your
users to the non-recursive service)? What would you like to achieve?
What would you like to prevent?
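
A minimal named.conf sketch of the split described in the message above, added here as an illustration and not taken from the thread or from any poster's setup. The zone names, file paths, addresses and ACL name are constructed placeholders (documentation ranges).

```conf
// ---- Server 1: authoritative only (backend), named.conf ----
options {
    recursion no;                  // answers only from its own zones
    allow-query { any; };
    allow-transfer { none; };      // open per zone only where needed
};

zone "example.com" {               // constructed zone name
    type slave;
    masters { 198.51.100.1; };     // constructed hidden-master address
    file "slaves/example.com.db";
};

// ---- Server 2: recursive resolver (what users query), named.conf ----
acl internal-clients {             // hypothetical ACL name
    192.0.2.0/24;                  // constructed client network
    localhost;
};

options {
    recursion yes;
    // Restrict recursion and cache access to known clients so the
    // resolver is not usable as an open resolver from outside.
    allow-recursion   { internal-clients; };
    allow-query-cache { internal-clients; };
    allow-query       { internal-clients; };
};

// Stub pointing at the authoritative service on server 1.
zone "example.com" {
    type stub;
    masters { 198.51.100.10; };    // constructed address of server 1
};

// Forward zone for a name space resolved by an external server.
zone "partner.example" {           // constructed zone name
    type forward;
    forward only;                  // do not fall back to full recursion
    forwarders { 203.0.113.53; };  // constructed external DNS server
};
```

Running `named-checkconf` against each file validates the syntax before a reload.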