Force Recursion
Nick Tait
nick at tait.net.nz
Sat Feb 21 02:04:31 UTC 2026
On 21/02/2026 11:18, Karol Nowicki via bind-users wrote:
> Hello
>
>
> Case Scenario:
>
> Client sending query to DNS Resolver for google.com.
> DNS Resolver cached from internal root hints that google.com is
> delegated to DNS proxy server ( NS record ).
>
> DNS proxy is having locall information that google.com has to be
> delegated to public google name server 8.8.8.8
>
> Query from DNS Resolver to DNS proxy server is being sent with
> disabled recursion flag as google.com is defined with NS record.
>
> Client -> DNS Caching Recursive Resolver -> DNS "Proxy" Server ->
> Public Google DNS
>
>
> Most standard DNS servers (such as BIND, Unbound, or Windows DNS) do
> not have a built-in method to force full recursion for queries
> received without the recursion flag enabled (RD=0).
> According to RFC standards, if a client does not request recursion
> (RD=0), the server should only respond with data it holds locally
> (authoritatively) or from its cache.
>
>
> Question is do we have any methods to bypass RFC and force recurion on
> the DNS proxy for incoming queries from DNS Resolver to push on DNS
> Proxy run recursive queirs to find answer for google.com and send back
> to DNS Resolver then DNS Resolver to Client ?
Hi Karol.
It sounds like your goal is to have the "DNS proxy" to do all the
recursion (for queries of public domains), instead of the "DNS Resolver"
doing it?
If that is what you are trying to achieve, then the correct way to do
this would be to configure the "DNS Resolver" as a *forwarding
resolver*, as described in step 3 of the Resolver section of the BIND
documentation:
https://bind9.readthedocs.io/en/latest/chapter3.html#resolver-caching-name-servers
The way to do this is to add forwarders to your options block. See:
https://bind9.readthedocs.io/en/latest/reference.html#forwarding
Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20260221/950e2fa8/attachment.htm>
More information about the bind-users
mailing list