stomping forwarders

Steinar Haug sthaug at nethelp.no
Sat Dec 25 15:40:50 UTC 1999


[Kevin Darcy]

|   > How about 8.2.2's allow-recursion substatement?
|   
|   My observation has been that allow-recursion doesn't actually reject
|   recursive queries from the excluded sources or automatically return
|   NXDOMAIN; they just get treated like iterative queries, receiving an
|   answer from authoritative data or cache, otherwise a referral.

This was done on purpose, because the primary motivation behind the
"allow-recursion" statement was to limit resource usage for clients
that aren't supposed to use this name server. If you have the data in
the cache, there is basically no extra cost in returning the data
compared to returning a referral.

In this respect it's very much like the behavior you get with a global
"recursion no" statement - the name server returns an answer from
authoritative data or cache, otherwise a referral. Thus I feel that the
behavior of the "allow-recursion" statement is consistent with the rest
of BIND.

(Yes, a name server may return cached data even with "recursion no", for
instance A records for MX records that point outside the zone itself.)

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
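
The behaviour described in this message, as an added example that is not part of the original post: a Python classifier for raw DNS responses that tells an answer apart from a referral or a rejection, which is how an administrator can check what a client excluded by "allow-recursion" actually receives. The packets are constructed samples, not captured traffic, and all function names are hypothetical.

```python
import struct

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def classify(pkt):
    """Classify a raw DNS response: answer, referral, or rejection."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", pkt[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode:
        return {5: "refused", 3: "nxdomain"}.get(rcode, "error")
    if an > 0:                         # data from the zone (AA set) or from cache
        return "answer-authoritative" if aa else "answer-nonauthoritative"
    off = 12
    for _ in range(qd):                # skip the question section
        off = skip_name(pkt, off) + 4
    if ns > 0 and not aa:
        off = skip_name(pkt, off)
        (rtype,) = struct.unpack("!H", pkt[off:off + 2])
        if rtype == 2:                 # NS in authority with no answer: referral
            return "referral"
    return "no-answer"

def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

def sample(flags, answers=(), authority=()):
    """Constructed response to an A query for www.example.com."""
    q = name("www.example.com") + struct.pack("!HH", 1, 1)
    counts = (1, len(answers), len(authority), 0)
    hdr = struct.pack("!6H", 0x1234, 0x8000 | flags, *counts)
    return hdr + q + b"".join(answers) + b"".join(authority)

PTR = b"\xc0\x0c"                      # compression pointer to the question name
CACHED = sample(0x0100, answers=[rr(PTR, 1, bytes([192, 0, 2, 1]))])
REFERRAL = sample(0x0100, authority=[rr(name("example.com"), 2, name("ns1.example.net"))])
REFUSED = sample(0x0100 | 5)
print([classify(p) for p in (CACHED, REFERRAL, REFUSED)])
```

Per the message above, a recursive query from an excluded source should classify as one of the two answer kinds or as a referral.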


