Recursion

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 3 03:17:16 UTC 2002


Jeff Grossman wrote:

> What exactly is recursion, and why would I want/not want it?

Simply put, recursion is the act of getting a nameserver to resolve a
name for you. If you're *providing* DNS information externally, i.e.
hosting one or more domains, then generally you want recursion
OFF because otherwise folks may "mooch" from you (point their clients at
your nameserver for resolution) or even arrange to put malicious
information in your nameserver's cache. On the other hand, if you're
*getting* DNS information on behalf of your own clients, then you have
no choice but to honor recursion. For this reason, it is recommended to
separate your recursive servers (which handle only internal clients and
are not reachable from the Internet) functionally from your
non-recursive servers.

If you want to know a little more about the technical nitty-gritty of
recursion, there are two bits in the header of every DNS query and
response, one of which is known as "RD" (Recursion Desired), which is
set by a client which wants recursion, and the other which is known as
"RA" (Recursion Available) which is set by the server in responses if
recursion is available. If a non-recursive server gets a query which can
only be fully resolved by recursing, it'll send back a "referral" --
basically, "go ask these other nameservers" -- instead of a final
answer.


- Kevin
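Added example, not part of the original message: a Python sketch that reads the RD and RA bits from the 12-byte DNS header and separates a referral from a final answer, which is one way to confirm that an external-facing server does not advertise recursion. The function names and the sample headers are constructed for illustration.

```python
import struct

# Bit masks in the 16-bit flags word of the 12-byte DNS header (RFC 1035 4.1.1).
QR = 0x8000  # message is a response
AA = 0x0400  # authoritative answer
RD = 0x0100  # Recursion Desired, set by the client
RA = 0x0080  # Recursion Available, set by the server
REFUSED = 5  # RCODE value

def build_query_header(txid, want_recursion):
    """Header for a one-question query, with RD set or clear."""
    return struct.pack("!6H", txid, RD if want_recursion else 0, 1, 0, 0, 0)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an, "nscount": ns}

def classify_response(msg):
    """Header-only heuristic; a full check would confirm the authority
    section actually holds NS records."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] == REFUSED:
        return "refused"
    if h["rcode"] != 0:
        return "error"
    if h["ancount"] == 0 and h["nscount"] > 0 and not h["aa"] and not h["ra"]:
        return "referral"
    return "answer"

def offers_recursion(msg):
    """True if the server advertised RA; an external-facing authoritative
    server with recursion off should return False here."""
    h = parse_header(msg)
    return h["qr"] and h["ra"]

# Constructed sample response headers (not captured traffic).
REFERRAL = struct.pack("!6H", 0x1234, QR | RD, 1, 0, 2, 2)
RECURSIVE_ANSWER = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 0)
REFUSED_REPLY = struct.pack("!6H", 0x1234, QR | RD | REFUSED, 1, 0, 0, 0)

if __name__ == "__main__":
    for name, m in [("referral", REFERRAL), ("answer", RECURSIVE_ANSWER), ("refused", REFUSED_REPLY)]:
        print(name, classify_response(m), "RA" if offers_recursion(m) else "no RA")
```
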




More information about the bind-users mailing list