RD flag for per-domain forwarding

Ben Croswell ben.croswell at gmail.com
Tue Oct 7 12:55:39 UTC 2025


Forwarding is inherently recursive rather than iterative. When you forward,
your server is basically asking the question as if it was a client resolver
and expects the server being forwarded to do all the work.

You may look at testing making the forward to example.com a stub zone or a
static stub zone. Both would be iterative queries and should get the NS
delegations back for sub.example.com.



-Ben Croswell

On Tue, Oct 7, 2025, 8:36 AM Carlos Peon Costa <carlospeon at gmail.com> wrote:

> I'd like to share this scenario:
>
> * Domain "example.org" is hosted on name server 1.1.1.1
> * This domain has a subdomain "my.example.org" delegated to 2.2.2.2
> through regular NS glue records
> * To allow my bind nameserver to know the "example.org" domain I set a
> per-domain forwarding:
>   zone "example.org" { type forward; forwarders { 1.1.1.1; }; };
>
> I've found that if I query "my.example.org" to my bind nameserver it
> forwards the query to the appropriate nameserver 1.1.1.1 *with* the RD
> flag, but if 1.1.1.1 has no connection with 2.2.2.2 the query will
> fail. The point is that if the RD flag were disabled 1.1.1.1 would
> reply with the authoritative nameserver 2.2.2.2 and bind could reach
> this one and solve the query.
>
> The RD flag must be set for global forwarders but I'm wondering if it
> makes sense to add a configuration option to allow setting/unsetting the
> RD flag in per-domain forward configurations.
>
> Regards,
> Carlos.
>
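
The wire-level difference discussed in this thread, as an added example that is not part of the original messages: a forwarded query and an iterative query differ only in the RD bit, and the reply to the iterative one is a referral whose authority section names the child zone's servers. The name `ns.my.example.org` and all helper names are assumptions made for the illustration; the referral is constructed, not captured.

```python
import struct

RD, AA, QR = 0x0100, 0x0400, 0x8000   # header flag bits (RFC 1035)
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, pos):
    """Decode an uncompressed name at pos; return (name, next position)."""
    labels = []
    while msg[pos]:
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return ".".join(labels), pos + 1

def build_query(qname, recursion_desired, qid=0x1234):
    """A query for qname; forwarding sets RD, iterative resolution clears it."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", TYPE_A, CLASS_IN)

def build_referral(query, child_zone, ns_name):
    """Constructed parent-server reply to an RD=0 query (ns_name is assumed)."""
    header = query[:2] + struct.pack("!5H", QR, 1, 0, 1, 0)  # AA clear, 1 NS
    rdata = encode_name(ns_name)
    rr = encode_name(child_zone) + struct.pack("!2HIH", TYPE_NS, CLASS_IN, 3600, len(rdata))
    return header + query[12:] + rr + rdata

def classify(msg):
    """Return ('answer'|'referral'|'error'|'nodata', delegated NS names)."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:                       # non-zero RCODE, e.g. SERVFAIL
        return "error", []
    if an:
        return "answer", []
    pos = 12
    for _ in range(qd):                      # skip the question section
        pos = decode_name(msg, pos)[1] + 4
    servers = []
    for _ in range(ns):                      # walk the authority section
        _, pos = decode_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[pos:pos + 10])
        if rtype == TYPE_NS:
            servers.append(decode_name(msg, pos + 10)[0])
        pos += 10 + rdlen
    return ("referral" if servers and not flags & AA else "nodata"), servers
```
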