recursion yes/no?
David Carvalho
david at di.ubi.pt
Wed Jan 25 10:16:29 UTC 2023
Good morning and thank you so much!
Now I understand. My servers are not pure authoritative, so I’ll have to keep the recursion enabled.
As for the answers in Authority and Additional sections, after setting minimal-responses to no, now I get the usual output when querying.
For what I understand, there is no downside in maintaining this setting, right?
Thank you!
Kind regards.
David
From: Greg Choules <gregchoules+bindusers at googlemail.com>
Sent: 24 January 2023 18:12
To: David Carvalho <david at di.ubi.pt>
Cc: bind-users at lists.isc.org
Subject: Re: recursion yes/no?
Hi David.
"recursion yes;" tells named that it can (if it has to) make queries to other places if it needs more information in order to answer a client query. Pure authoritative servers shouldn't need it and should have "recursion no;". So the first question is, do your servers make queries out to other places? If so, recursion must be enabled.
Secondly, do you have "minimal-responses" configured on either/both servers? If so, what is it set to? There were changes in 9.16 so maybe these explain your observations.
Cheers, Greg
On Tue, 24 Jan 2023 at 16:49, David Carvalho via bind-users <bind-users at lists.isc.org <mailto:bind-users at lists.isc.org> > wrote:
Hello.
I hope someone could help to understand the following.
I have “my.domain.pt <http://my.domain.pt> ” and a master and slave server for the “my” part. I have been using “recursion yes” in both named.conf, as I want them to be both authoritative and cache for my clients.
Last week I migrated my slave DNS server to version 9.16 and only today, after having issues with the primary server migration, I realized that for most queries, my slave DNS does not answer the “ADDITIONAL SECTION” unless I specify “+norec” with the dig command.
My named.conf files only differ in IPs and “master/slave” setting.
My questions:
Should I use recursion on both? (Bear in mind that I also want them to provide chache to clients)
Why do I need “dig +norec” to get the exact output on my slave server?
Kind regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230125/9ae7fcfe/attachment.htm>
More information about the bind-users
mailing list