Bind 8.2.3 force recursive

Chimento, Douglas Douglas.Chimento at FMR.COM
Fri Sep 14 21:58:35 UTC 2001


There are many domains on ns4.
So it looks like I need to hack the code. Do you know anyone who would be
good to talk to about this?
Also, are there any other side effects of forcing recursion?

Thanks

 

Doug Chimento. Fidelity Investments , 617-563-0259
Note: This message came from my pager

-----Original Message-----
From: Kevin Darcy <kcd at daimlerchrysler.com>
To: 'comp-protocols-dns-bind at moderators.isc.org'
<comp-protocols-dns-bind at moderators.isc.org>
Sent: Fri Sep 14 17:24:55 2001
Subject: Re: Bind 8.2.3 force recursive


Chimento, Douglas wrote:

> Perhaps there is a better way...
> I have an external name server, whose name is ns4. According to the root
> servers ns4 is master for foo.com. However, I want the "real name server",
> ns5, to answer the queries. So I put a forward by zone statement like so
> zone foo.com IN {
>         type forward;
>         forwarders { blah ; } ;
> };
>
> But DNS only answers to recursive queries. Any non-recursive requests are not
> answered.
>
> Some things to keep in mind
> ns4 cannot become a slave
> I cannot change the root server (i.e. ns4 has to be in the root servers)

Okay, with those requirements, I can't see any reasonable way to do what you
want. You could always hack the code, of course. Note, however, that you'd not
only have to provide "unsolicited recursion" for these queries; you'd have to
also defeat caching for the answers, because if you answered these queries from
cache, legally you wouldn't be able to mark them as "authoritative", and
without giving authoritative answers, your server is officially lame.

Out of curiosity, is this the *only* domain hosted on ns4? If so, then maybe
you shouldn't be running named at all -- maybe you should do some firewall/NAT
magic or run a so-called "DNS proxy" on the box to pass the queries to the
internal server and the responses back out to the client. The code-hacking
I described above basically would turn your named into an ersatz
"DNS proxy" anyway, so why not use something which is optimized for that task?


- Kevin


>
>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Friday, September 14, 2001 4:29 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Bind 8.2.3 force recursive
>
> Chimento, Douglas wrote:
>
> > All,
> >         Is there any way to force DNS to do recursive lookups regardless of
> > the type of query made to the dns server.
> >         That is, if a request comes in as non-recursive, can you tell DNS
> > to treat this as recursive and finish the request for the client.
> >         This is kind of odd so let me know if you need more detail.
>
> No, there's no way I know of to do this.
>
> Whatever is generating the non-recursive queries should be capable of
> following any referrals you send back to it, so generally there is no need
> for "unsolicited recursion". Whatever you're trying to do, there's probably a
> better way to do it.
>
> - Kevin
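
The header bits this thread turns on (RD in the query, AA and RA in the reply), as an added example that is not part of the original messages: it builds a query for foo.com with or without RD and classifies replies the way a resolver following the delegation would, flagging a non-AA answer as lame. The function names and the sample reply headers are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits, RFC 1035 4.1.1

def build_query(qname, rd, qid=0x1234):
    """Encode a minimal A/IN query; rd controls the Recursion Desired bit."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields used below."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an, "nscount": ns}

def classify_delegated_response(msg):
    """Judge a reply from a server that the parent zone lists for the domain."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] not in (0, 3):          # anything but NOERROR / NXDOMAIN
        return "error-rcode-%d" % h["rcode"]
    if h["aa"]:
        return "authoritative"
    if h["ancount"]:
        return "lame-nonauthoritative-answer"   # e.g. served from cache
    if h["nscount"]:
        return "lame-referral"
    return "lame-empty"

def constructed_response(flags, ancount, nscount, qid=0x1234):
    # Constructed sample: header only, which is all the classifier reads.
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, nscount, 0)

SAMPLES = {
    "answer from zone data": constructed_response(QR | AA, 1, 0),
    "answer from cache/forwarder": constructed_response(QR | RA, 1, 0),
    "referral only": constructed_response(QR, 0, 2),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, "->", classify_delegated_response(msg))
```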




