Recursive Query Problem

Kevin Darcy kcd at daimlerchrysler.com
Wed Mar 8 01:10:41 UTC 2006 

Nitin Bhagnari wrote:

>Hi All,
>
>I have 2 DNS servers, one for resolving internal
>queries and the other for external ones. I am using
>BIND9
>
>In the db.cache file of the IDNS i added an entry to
>next query the EDNS. The EDNS's db.cache has root DNS
>server IP addresses.
>
The only thing that should go into a hints zonefile are names and 
addresses of servers authoritative for the root zone.

>My problem is as follows:
>
>1. When i logon to EDNS and make a query as:
>dig abc.xyz.com. NS
>
>I get a response just fine.
>
>2. However, when i make the same query from my IDNS, i
>get the named server IPs of the root DNSes
>
>I believe my EDNS is not make recursive queries even
>though it is indicated in the query that the IDNS
>makes.
>
>I included the following config in my named.conf file
>of EDNS:
>
>options {
>         allow-recursion {
>                          192.168.200.34;
>                          };
>};
>
>where 192.168.200.34 is the IP of my IDNS.
>
>This does not help as well.
>
>Can any one suggest where I am going wrong.
>
Well, the big question is: *why* do you want IDNS to send EDNS external 
queries in the first place? Is it because IDNS doesn't have network 
connectivity to the Internet DNS? In that case, you have no choice but 
to set up IDNS to forward to EDNS (not hints, forwarders, as Barry also 
told you). Use "forward only" mode in this case, which is *not* the 
default forwarding mode (but IMHO should be). When you're forwarding in 
"forward only" mode to a server that has access to the root zone, you 
don't even need a hints file, since you just get the root-zone 
information through your forwarder.

If IDNS *does* have network connectivity to the Internet DNS, then you 
should configure the Internet root servers in your hints file. It would 
also generally be preferable in that case to eliminate the middleman 
(i.e. EDNS) and have IDNS query the Internet nameservers directly to get 
answers to external queries. As an exception to that general rule, 
though, if you have multiple instances of IDNS, or there are other 
organizations besides your own using EDNS recursively, then you *might* 
be able to squeeze out a little performance improvement by forwarding 
IDNS(es)' external queries through EDNS to take advantage of the 
centralized caching. You should make some measurements though to see if 
it really benefits or not. If you choose to forward strictly for 
performance reasons (as opposed to connectivity issues), then set the 
forwarding mode to "forward first" (or just leave the mode out, since 
that's the default mode). That way, if EDNS ever goes down or becomes 
unavailable for whatever reason, IDNS will just fall back to normal 
iterative resolution and you'll still keep on going, albeit more slowly 
than usual.

                                                                         
                                                                     - Kevin

More information about the bind-users mailing list