Recursion off\forward

Nick Allum Nick.Allum at rci.rogers.com
Wed Nov 15 13:37:12 UTC 2006


I had another question within regarding "recursion off"

If you have recursion off and you have a CNAME that points to some non
authoritative domain/A Record you get a negative response.

Is there a way to work around this? Scenario: My server is the authority
for abcd.com and within the abcd.com record I have the following

Test	IN	CNAME		hdshsh.frdskfjh.com 

For which "frdskfjh.com" I am not the authority for so when I try to
lookup test.abdc.com I get a negative response. Is there a way to work
around this other than using the IP vs CNAME?

Thanks 

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Kevin Darcy
Sent: Friday, November 03, 2006 7:38 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: Recursion off\forward


Mark Andrews wrote:
>> We are running a bind 9.2.4 on a Solaris 10 box for internal only 
>> use. Here is the scenario.
>>  
>> When I have recursion off and I have the following statement
>>
>> zone "developmentrim.com" {
>>         type forward;
>>         forwarders { 10.222.222.22; };
>> };
>>  
>> and I perform a lookup for developmentrim.com I do not get a response
>>  
>> however I can perform the same lookup against the 10.222.222.22 with 
>> a positive response.
>> ---
>> I then turn recursion on and it works fine.
>>  
>> Is there a way to have recursion off and a forward zone working?
>>     
>
> 	No.
>  
>   
To expand on that a little, you're essentially asking for BIND to 
support mutually-contradictory modes of operation. "recursion no" 
basically means "answer only from one's own authoritative zones, 
otherwise respond with a referral", and forwarding basically means "go 
out and fetch the data and return it, if the answer is *not*already*in* 
one's authoritative zones or in the cache". Since a given answer can't 
be both in and not in a nameserver's authoritative data simultaneously, 
you can't really mix forwarding with no-recursion.

Frankly I'm not sure why anyone would turn off recursion for an 
internal-only box anyway, except (as in our case, with respect to one 
particular box) as a way to discourage folks from misconfiguring their 
stub resolvers to point to it.

 

                           - Kevin
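
The two cases in this thread (the out-of-zone CNAME and the forward zone), as an added example that is not part of the original messages and is not BIND code: a simplified Python model of the decision Kevin describes. The function names, status labels and 192.0.2.x addresses are constructed for illustration, and the CNAME target is assumed to be the absolute name hdshsh.frdskfjh.com.

```python
# Simplified model of the behaviour described in the thread; not BIND code.
AUTH_ZONES = {  # zone data quoted in the thread
    "abcd.com": {"test.abcd.com": ("CNAME", "hdshsh.frdskfjh.com")},
}
FORWARD_ZONES = {"developmentrim.com": "10.222.222.22"}  # from the thread
REMOTE = {  # constructed addresses standing in for data held elsewhere
    "hdshsh.frdskfjh.com": "192.0.2.10",
    "developmentrim.com": "192.0.2.20",
}

def zone_for(name, zones):
    """Return the closest enclosing zone of name found in zones, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return ".".join(labels[i:])
    return None

def fetch(name):
    """Recursive path: forward if a forward zone matches, else iterate."""
    fz = zone_for(name, FORWARD_ZONES)
    via = "forwarder " + FORWARD_ZONES[fz] if fz else "iteration"
    return (name, "A", REMOTE[name], via)

def resolve(qname, recursion):
    """Model an A query; returns (status, answer_section)."""
    qname, answer = qname.lower(), []
    for _ in range(8):  # bound CNAME chains inside local zones
        zone = zone_for(qname, AUTH_ZONES)
        if zone is None:
            break
        record = AUTH_ZONES[zone].get(qname)
        if record is None:
            return ("NXDOMAIN", answer)
        answer.append((qname, record[0], record[1], "authoritative"))
        if record[0] != "CNAME":
            return ("ANSWER", answer)
        qname = record[1]  # alias target may leave our authority
    if not recursion:
        # Authoritative-only: no fetch, so forward zones never apply.
        return ("CNAME_ONLY" if answer else "REFERRAL", answer)
    if qname not in REMOTE:
        return ("SERVFAIL", answer)
    answer.append(fetch(qname))
    return ("ANSWER", answer)
```

With recursion off, the alias query returns only the CNAME record and the forward-zone query returns a referral; with recursion on, both are completed, the second through the configured forwarder.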


