RD flag for per-domain forwarding

Darren Ankney darren.ankney at gmail.com
Tue Oct 7 20:14:05 UTC 2025


Hi Carlos,

You could set up example.org and my.example.org as type "mirror"
(https://bind9.readthedocs.io/en/v9.18.36/reference.html#namedconf-statement-type%20mirror)
if you are able to allow a zone transfer to your recursive nameserver
from 1.1.1.1 and 2.2.2.2.  If you can't, then perhaps type "stub"
could work: https://bind9.readthedocs.io/en/v9.18.36/reference.html#namedconf-statement-type%20stub

Thank you,
Darren Ankney

On Tue, Oct 7, 2025 at 8:36 AM Carlos Peon Costa <carlospeon at gmail.com> wrote:
>
> I'd like to share this scenario:
>
> * Domain "example.org" is hosted on name server 1.1.1.1
> * This domain has a subdomain "my.example.org" delegated to 2.2.2.2
> through regular NS glue records
> * To allow my bind nameserver to know the "example.org" domain I set a
> per-domain forwarding:
>   zone "example.org" { type forward; forwarders { 1.1.1.1; }; };
>
> I've found that if I query "my.example.org" to my bind nameserver it
> forwards the query to the appropriate nameserver 1.1.1.1 *with* the RD
> flag, but if 1.1.1.1 has no connection with 2.2.2.2 the query will
> fail. The point is that if the RD flag were disabled 1.1.1.1 would
> reply with the authoritative nameserver 2.2.2.2 and bind could reach
> this one and solve the query.
>
> RD flag must be set for global forwarders but I'm wondering if it
> makes sense to add a configuration option to allow setting/unsetting the
> RD flag in per-domain forward configurations.
>
> Regards,
> Carlos.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
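
The two zone types suggested in the reply, written out as a named.conf fragment beside the forward zone from the question. This is an added example, not configuration from either poster: the file paths are assumptions, and the addresses are the placeholders used in the thread.

```conf
// Constructed named.conf fragment. Use ONE of the alternatives below
// in place of the forward zone.

// Setup from the question: every name under example.org, including
// my.example.org, is sent to 1.1.1.1 with RD=1, so 1.1.1.1 itself has
// to be able to reach 2.2.2.2.
// zone "example.org" { type forward; forwarders { 1.1.1.1; }; };

// Alternative A: stub zone (no zone transfer needed).
// named fetches only the NS records and glue for example.org from
// 1.1.1.1, then resolves names below it iteratively (RD=0). The
// referral for my.example.org is followed by this server, which then
// queries 2.2.2.2 directly.
zone "example.org" {
    type stub;
    primaries { 1.1.1.1; };
    file "stub/example.org.db";      // assumed path
    // If global forwarders are configured, an empty list keeps this
    // zone from being forwarded to them.
    forwarders { };
};

// Alternative B: mirror zones (1.1.1.1 and 2.2.2.2 must allow zone
// transfers to this server). Mirror zone data is DNSSEC-validated
// before it is used in answers, so both zones must be signed and must
// validate from a trust anchor configured on this server.
// zone "example.org" {
//     type mirror;
//     primaries { 1.1.1.1; };
//     file "mirror/example.org.db";     // assumed path
// };
// zone "my.example.org" {
//     type mirror;
//     primaries { 2.2.2.2; };
//     file "mirror/my.example.org.db";  // assumed path
// };
```

`named-checkconf` will confirm the fragment parses before named is reloaded.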

