Queries using forwarders

John Miller johnmill at brandeis.edu
Mon Jun 3 21:31:13 UTC 2013 

Hi Mike,

To keep my answer simple, if BIND is set up to allow recursion, and gets 
a recursive query for a zone it's not authoritative for, it'll:

1) Answer from cache
2) pass the query off to the configured forwarders
3) If the forwarders are unavailable, follow delegation itself to answer 
the query.

BIND is only authoritative for a zone if there's a

zone {}

block for it (or its parent zone).

As Steven mentioned, you can set BIND up to act as authoritative for a 
domain you don't own (e.g. malware.site.tld) so that your users get a 
false answer to their queries.  It's a pretty common 
anti-malware/anti-spam practice, and also gets used (for example) in 
wifi captive portals.

John

On 06/03/2013 03:36 PM, Ward, Mike S wrote:
> Hello all, I was trying to follow the thread on the NXDOMAIN and got lost. :) I have a question about using forwarders. If the DNS that is using forwarders receives a query for a zone it's not authoritative for even if it's in the same network, does it go to the forwarders for zone information? I'm trying to get my head around what was discussed in the NXDOMAIN thread. What makes a DNS authoritative for a zone?
>
> ==========================
> This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list