recursion and forward zones
Mark Andrews
Mark_Andrews at isc.org
Fri Mar 31 23:48:35 UTC 2006
>
> > What do you think "recursion" means, in that context? It
> > means your BIND
> > instance is able and willing to go out and fetch DNS information from
> > other nameservers, in order to satisfy client requests. The fact that
> > you're trying to set up a forwarding zone, implies that you want to
> > enable resolution of names in that part of the namespace
> > hierarchy, at
> > least for some select group of clients that ask for it. This
> > is directly
> > contradictory to "recursion no", which basically means "I'm
> > only going
> > to answer from my own authoritative data and not ask anyone
> > else for the
> > answers to your questions".
> >
> > You should probably set up that forwarding zone under a
> > separate view,
> > one which has recursive service enabled.
> >
> >
>
> I guess I though recursion would only apply to zones
> that were not all declared anywhere.
>
> I figured if I explicitly declared a zone as forwarding
> or a slave, that that would override the recursion.
>
> I was wrong.
>
> Thanks
>
>
The description of forwarding from the ARM.
<sect3>
<title>Forwarding</title>
<para>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
<emphasis>forward</emphasis> some or all of the queries
that it cannot satisfy from its cache to another caching name
server,
commonly referred to as a <emphasis>forwarder</emphasis>.
</para>
<para>
There may be one or more forwarders,
and they are queried in turn until the list is exhausted or an
answer
is found. Forwarders are typically used when you do not
wish all the servers at a given site to interact directly with the
rest of
the Internet servers. A typical scenario would involve a number
of internal <acronym>DNS</acronym> servers and an
Internet firewall. Servers unable
to pass packets through the firewall would forward to the server
that can do it, and that server would query the Internet <acronym>DNS
</acronym> servers
on the internal server's behalf.
</para>
</sect3>
Also
<sect3>
<title>Forwarding</title>
<para>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
name servers. It can also be used to allow queries by servers that
do not have direct access to the Internet, but wish to look up
exterior
names anyway. Forwarding occurs only on those queries for which
the server is not authoritative and does not have the answer in
its cache.
</para>
<variablelist>
<varlistentry>
<term><command>forward</command></term>
<listitem>
<para>
This option is only meaningful if the
forwarders list is not empty. A value of <varname>first</varnam
e>,
the default, causes the server to query the forwarders
first, and
if that doesn't answer the question the server will then
look for
the answer itself. If <varname>only</varname> is
specified, the
server will only query the forwarders.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>forwarders</command></term>
<listitem>
<para>
Specifies the IP addresses to be used
for forwarding. The default is the empty list (no
forwarding).
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Forwarding can also be configured on a per-domain basis, allowing
for the global forwarding options to be overridden in a variety
of ways. You can set particular domains to use different
forwarders,
or have a different <command>forward only/first</command> behavior,
or not forward at all, see <xref linkend="zone_statement_grammar"/>.
</para>
</sect3>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list