Is it secure?
Greg Choules
gregchoules+bindusers at googlemail.com
Tue Oct 7 13:17:54 UTC 2025
Hi Kazik.
What's your definition of "secure' in this case?
A lot of people use forward zones and/or global forwarding on recursive
servers.
Cheers, Greg
On Tue, 7 Oct 2025 at 13:51, kzkz--- via bind-users <
bind-users at lists.isc.org> wrote:
> Good morning,
>
> I'd like to forward DNS requests in the public (internet) view for a
> subdomain that is hosted on a different DNS server.
> Forwarding isn't supported when the settting 'recursion no' is used.
> Therefore, changing the setting to 'recursion yes' makes it possible.
>
> # (1) existing configuration
> view "public" {
> allow-query { any; };
> match-clients { any; };
> allow-recursion { none; };
> recursion no;
> ....
>
> # (2) new configuration
> view "public" {
> allow-query { any; };
> match-clients { any; };
> allow-recursion { none; };
> recursion yes;
> ....
>
> In configuration #(2) forward would be configured as follows:
> zone "other.example.com" {
> type forward;
> forward only;
> forwarders { 10.10.10.10.10; 10.10.10.20; };
> };
>
> Bind is ver. bind-9.16.23
>
> Will configuration #(2) be secure?
> Is there any risk of security violations compared to configuration #(1)?
>
> Thanks,
> Kazik
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251007/5f984c4a/attachment.htm>
More information about the bind-users
mailing list