recursion and forward zones

[Barry Margolin]

In article <e0i167$cu3$1 at sf1.isc.org>,
 Kevin Darcy <kcd at daimlerchrysler.com> wrote:

> Jack Tavares wrote:
> 
> >Hi
> >
> >I am trying to setup a forwarding zone. (bind9.2.3, linux)
> >By default I have "recursion no;" set in the global
> >options.
> >
> >i set up the forwarding zone, but the only
> >way I can get it to work is to turn recursion on.
> >Or more accurately, comment out the 
> >recursion no;
> >
> >statement, which runs the default behaviour of allowing
> >recursion.
> >
> >It would seem to me that recursion and forwarding are
> >different features and that disabling one should
> >not disable the other.
> >
> What do you think "recursion" means, in that context? It means your BIND 
> instance is able and willing to go out and fetch DNS information from 
> other nameservers, in order to satisfy client requests. The fact that 
> you're trying to set up a forwarding zone, implies that you want to 
> enable resolution of names in that part of the namespace hierarchy, at 
> least for some select group of clients that ask for it. This is directly 
> contradictory to "recursion no", which basically means "I'm only going 
> to answer from my own authoritative data and not ask anyone else for the 
> answers to your questions".
> 
> You should probably set up that forwarding zone under a separate view, 
> one which has recursive service enabled.

Can the allow-query option be used in a forwarding zone?  That would be 
a simpler solution than views if this is the only zone that it's needed 
for.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***