Authority and forwarding, but not recursion/iteration
Marki
bind-users at lists.roth.lu
Sun Mar 7 11:06:09 UTC 2021
I tried that. When you configure no global forwarders it's going to recurse because recursion needs to be enabled for the individual forwarded zones to work. You'd have to specify a fake global forwarder which looks like a hack.
On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark <cjc+bind-users at pumpky.net> wrote:
>Two views. The view that does not do internet DNS claims authority for
>the
>root and does not global forward. The entire DNS is just the zones
>defined
>in the view, which can be authoritative or forwarded. The other view
>has
>the global forward-only to upstream resolvers.
>
>On Sat, Mar 6, 2021 at 3:34 PM Marki <bind-users at lists.roth.lu> wrote:
>
>> I'm not sure:
>>
>> > Some clients should be able to resolve authoritative local zones as
>well
>> as some forwarded zones.
>>
>> And only that. "forward only;" doesn't cut it, in case you mean the
>global
>> option. That would still forward everything else somewhere else. The
>> requirement is to _only_ resolve local stuff for some clients.
>> On 3/6/2021 8:48 PM, Crist Clark wrote:
>>
>> forward only;
>>
>> On Fri, Mar 5, 2021 at 5:19 PM Marki <bind-users at lists.roth.lu>
>wrote:
>>
>>> Hello,
>>>
>>> I am seeking a combination of either a combined configuration on
>one, or
>>> a config of several different DNS servers together to achieve the
>>> following:
>>> * Some clients should be able to resolve authoritative local zones
>as
>>> well as some forwarded zones.
>>> * Other clients should be able to resolve all of that _plus_ be able
>to
>>> make recursive queries to the internet (or use a global forwarder).
>>> All hosts use the same DNS servers, this should not be made about
>the
>>> clients but rather be configurable on the server.
>>>
>>> Now the problems are the following:
>>> * Since I need forwarders I can't turn off recursion.
>>> * Since I can't turn off recursion I can't prevent it to go and try
>to
>>> resolve from root DNS.
>>>
>>> How do I do one (local authority and forwarders) but not the other
>>> (iterative lookups on the Internet)?
>>>
>>> Thanks,
>>>
>>> Marki
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210307/20450b5d/attachment-0001.htm>
More information about the bind-users
mailing list