Authority and forwarding, but not recursion/iteration

Crist Clark cjc+bind-users at pumpky.net
Sun Mar 7 17:05:15 UTC 2021


Where is it sending recursive queries if it owns the root?

On Sun, Mar 7, 2021 at 3:06 AM Marki <bind-users at lists.roth.lu> wrote:

> I tried that. When you configure no global forwarders it's going to
> recurse because recursion needs to be enabled for the individual forwarded
> zones to work. You'd have to specify a fake global forwarder which looks
> like a hack.
>
>
> On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark <
> cjc+bind-users at pumpky.net> wrote:
>>
>> Two views. The view that does not do internet DNS claims authority for
>> the root and does not global forward. The entire DNS is just the zones
>> defined in the view, which can be authoritative or forwarded. The other
>> view has the global forward-only to upstream resolvers.
>>
>> On Sat, Mar 6, 2021 at 3:34 PM Marki <bind-users at lists.roth.lu> wrote:
>>
>>> I'm not sure:
>>>
>>> > Some clients should be able to resolve authoritative local zones as
>>> well as some forwarded zones.
>>>
>>> And only that. "forward only;" doesn't cut it, in case you mean the
>>> global option. That would still forward everything else somewhere else. The
>>> requirement is to _only_ resolve local stuff for some clients.
>>> On 3/6/2021 8:48 PM, Crist Clark wrote:
>>>
>>> forward only;
>>>
>>> On Fri, Mar 5, 2021 at 5:19 PM Marki <bind-users at lists.roth.lu> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am seeking a combination of either a combined configuration on one,
>>>> or
>>>> a config of several different DNS servers together to achieve the
>>>> following:
>>>> * Some clients should be able to resolve authoritative local zones as
>>>> well as some forwarded zones.
>>>> * Other clients should be able to resolve all of that _plus_ be able to
>>>> make recursive queries to the internet (or use a global forwarder).
>>>> All hosts use the same DNS servers, this should not be made about the
>>>> clients but rather be configurable on the server.
>>>>
>>>> Now the problems are the following:
>>>> * Since I need forwarders I can't turn off recursion.
>>>> * Since I can't turn off recursion I can't prevent it to go and try to
>>>> resolve from root DNS.
>>>>
>>>> How do I do one (local authority and forwarders) but not the other
>>>> (iterative lookups on the Internet)?
>>>>
>>>> Thanks,
>>>>
>>>> Marki
>>>>
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> ISC funds the development of this software with paid support
>>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>>> information.
>>>>
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>>
>>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210307/54bc72f8/attachment.htm>


More information about the bind-users mailing list