Recursion setting for bind9

Petr Menšík pemensik at redhat.com
Fri Oct 1 08:54:35 UTC 2021 

Hi Sonal,

I do not think forwarders specified in zone work as fixed order. It
would not work by first contacting 127.0.0.1, if that did not deliver
the answer, try 199.165.24.21. Forwarders in bind are configured as a
set, not ordered list. It would use whatever just gives faster replies.

I am afraid BIND does not work similar to /etc/resolv.conf, where such
approach might work. It expects authoritative server for the zone can be
found and produces the answer. Which is only cached by named. It expects
any configured forwarder would get the same answer, just how fast it is
would be measured.

I think more correct would be setting more specific zones of e164.arpa
configured with only one forwarder.

Regards,
Petr

On 9/29/21 09:21, Sonal Pahuja wrote:
>
> Hi All,
>
>  
>
> Is there any option to set recursion =1 in named.conf file for the
> zone. I just want bind9 to do recursion only once.
>
> If bind9 receives answer from one of the forwarders then it should not
> do recursion (forward query) to any other forwarder IP.
>
>  
>
> Below is my snapshot of my named.conf file
>
>  
>
> options {
>
>         listen-on port 53 { any; };
>
>         listen-on-v6 port 53 { any; };
>
>         directory       "/var/named";
>
>         dump-file       "/var/named/data/cache_dump.db";
>
>         statistics-file "/var/named/data/named.stats";
>
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>         allow-query     { localhost; !blocked; allowed; };
>
> //      allow-query     { localhost; };
>
>         recursion yes;
>
>         zone-statistics            yes;
>
>         dnssec-enable no;
>
>         dnssec-validation no;
>
> auth-nxdomain no;
>
>         // additional-from-auth no;
>
>          // additional-from-cache no;
>
>         /* Path to ISC DLV key */
>
>         bindkeys-file "/etc/named.iscdlv.key";
>
>  
>
>         managed-keys-directory "/var/named/dynamic";
>
>  
>
>  
>
> };
>
> zone "e164.arpa" IN {
>
> type forward ;
>
> forwarders { 127.0.0.1 port 49153;   199.165.24.21 port 49153; };
>
> forward only;
>
> };
>
>  
>
> Regards,
>
> Sonal
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20211001/4059f290/attachment-0001.htm>

More information about the bind-users mailing list