<span dir="ltr" lang="pl"><span><div class="QFw9Te BLojaf"><div class="hlJJmd"><div class="D5aOJc Hapztf"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Good morning,
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">I'd like to forward DNS requests in the public (internet) view for a subdomain that is hosted on a different DNS server. </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Forwarding isn't supported when the setting 'recursion no' is used.</span></span> </span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Therefore, changing the setting to 'recursion yes' makes it possible.</span></span><span class="jCAhz"><span class="ryNqvb"> </span></span></span><br></div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"># (1) existing configuration
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb">view "public" {
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> allow-query { any;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> match-clients { any;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> allow-recursion { none;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"> <span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> recursion no;</span></span><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">....
</span></span></span><br></div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"># (2) new configuration
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">view "public" {
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> allow-query { any;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> match-clients { any;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb"> allow-recursion { none;</span></span> <span class="jCAhz"><span class="ryNqvb">};</span></span><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> recursion yes;<span> </span></span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"><span>....
</span></span></span></span><br></div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"><span>
In configuration #(2) forward would be configured as follows:
</span></span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"><span>zone "other.example.com" {
</span></span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"><span> type forward;</span> </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> forward only; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> forwarders { 10.10.10.10;</span></span> <span class="jCAhz ChMk0b"><span class="ryNqvb">10.10.10.20;</span></span> <span class="jCAhz"><span class="ryNqvb">}; </span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz"><span class="ryNqvb">};</span></span><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span><br></div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;">The BIND version is bind-9.16.23.</div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Will configuration #(2) be secure?</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Is there any risk of security violations compared to configuration #(1)? </span></span></span><br></div><div style="font-size: 16px;"><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Thanks,
</span></span></span><br></div><div style="font-size: 16px;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Kazik</span></span></span><br></div></div></div></span></span><div style="font-size: 16px;"><br></div>