RPZ question authoritative/recursive servers

Tony Finch dot at dotat.at
Tue Jan 22 15:06:23 UTC 2019


Mik J via bind-users <bind-users at lists.isc.org> wrote:

> For a zone that I owned, the "recursive" servers forward the request to
> the authoritative server.

Beware: when you are forwarding, the target server must be a recursive
server. If you want to "forward" to an authoritative-only server, you
must use "static-stub" zone configurations.

You can sometimes get away with forwarding to an authoritative-only
server, but it will break if you have a delegation to a zone that is
hosted on different servers. This is because the recursive server will
expect a full answer, but it will get a referral which it will fail to
follow.

My recursive servers are configured to have their own authoritative copies
of our zones, rather than relying on our authoritative servers. This is to
reduce the number of things that can go wrong, and so that the recursive
servers can provide service even if all our other servers are unavailable.

> I was reading about RPZ zones but it seems to me these are implemented
> on authoritative servers?

An RPZ zone must be authoritative, but normally it is configured on a
recursive server.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Faeroes, Southeast Iceland: Cyclonic 4 or 5, becoming northwesterly 5 to 7.
Rough or very rough, occasionally high at first. Wintry showers. Good,
occasionally poor.
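
The forward versus static-stub distinction and the RPZ placement described in the message above, as an added named.conf fragment for a recursive server. It is not part of the original post; the zone names, file name and the 192.0.2.53 address are constructed placeholders.

```conf
// named.conf fragment for the RECURSIVE server (constructed example).
// Assumed names: zone "corp.example", authoritative-only server at
// 192.0.2.53 (documentation address), policy zone "rpz.corp.example".

options {
    recursion yes;
    // RPZ is enforced here, on the resolver that answers clients.
    response-policy { zone "rpz.corp.example"; };
};

// Fragile: a forward zone expects the target to return full answers.
// An authoritative-only target returns a referral for any child zone
// delegated to other servers, and that referral is not followed.
//
// zone "corp.example" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// Intended: static-stub tells the resolver which authoritative servers
// to ask for this zone, and it resolves iteratively from there, so
// delegations below corp.example are followed normally.
zone "corp.example" {
    type static-stub;
    server-addresses { 192.0.2.53; };
};

// The policy zone itself is served authoritatively by this same
// recursive server; it is not meant to be queried by clients.
zone "rpz.corp.example" {
    type master;
    file "rpz.corp.example.db";
    allow-query { localhost; };
    allow-transfer { none; };
};
```

Running named-checkconf on the file catches syntax errors before named is reloaded.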

