dns delegation and recursion
Kevin Darcy
kcd at daimlerchrysler.com
Wed Mar 1 17:42:09 UTC 2006
Stella Korakaki wrote:
>On Mon, 27 Feb 2006 20:51:10 -0500
>Barry Margolin <barmar at alum.mit.edu> wrote:
>
>
>
>>In article <dtumto$1pup$1 at sf1.isc.org>,
>> (TM)U?II? ?OU?I?IE <skor at hellug.gr> wrote:
>>
>>
>>
>>>Hi all.
>>>
>>>I have an authoritative only dns server running bind 9.
>>>Is there any way I can permit recursion for specific zones?
>>>For example I have a zone example.com which delegates some sub
>>>domains to other nameservers.
>>>sub.example.com. IN NS other.dns.server.
>>>
>>>I prefer not to enable recursion globaly.
>>>
>>>
>>Why do you think you need this? The queries that come in to your
>>server will most likely not have the Recursion Desired flag set. So
>>even if you allowed recursion, it wouldn't be requested so you
>>wouldn't do it.
>>
>>
>>
>
>
>Thanx for you reply.
>Well it seems that with no recursion, this doesn't work. I was able to
>get a correct response only when I enabled recursion.
>
OK, then it seems that you're mixing authoritative-nameserver functions
(where iterative resolvers, issuing non-recursive queries, work their
way down the delegation tree) with resolver functions (where the server,
receiving recursive queries, does all of the work on behalf of the
clients it serves). Either you should separate those functions
(preferred), or, failing that, you're going to have to give up your
preference for not enabling recursion globally.
- Kevin
More information about the bind-users
mailing list