Allow recursion for esternal resources in a authoritative zone on a "not open" dns server
Carsten Strotmann
cas at strotmann.de
Tue Nov 19 09:59:04 UTC 2013
Hello Stefano,
the standard query path for DNS is
client -> caching DNS -> authoritative DNS
Your BIND Server is probably on the very right of that picture, the
"authoritative (only)" server. Such an authoritative only server only
answers with data it is authoritative for (like you described). In case
of the CNAME pointing to an domain-name the server is not authoritative
for, the authoritative server will send the CNAME to the caching server.
The caching server should be able to resolve any domain name that is
reachable via the normal (iterative) name resolution, starting at the
root-server system. On receiving the CNAME record, it is the task of the
caching DNS Server to resolve the CNAME to an final record (A, AAAA or
whatever has been requested by the client) and then return the full
final answer (all CNAMEs + final record with data) to the client.
There is nothing special to configure in BIND, only you need a BIND DNS
Server acting as a cache server. A client should never directly talk to
a authoritative (only) DNS Server. It should always go through an
intermediate caching.
Best regards
Carsten Strotmann
"Chiesa Stefano" <Stefano.Chiesa at wki.it> writes:
> Hello all.
>
> I have a "closed" bind dns server. It answers only to queries related to
> zones it is authoritative for (a normal behaviour... right?).
> I have dns zones that contain cname that points to hostnames in domains
> not managed by that server.
> So it won't resolve that names returning the cname to the client.
>
> I'd like to know if there is a way to tell to BIND "if the external
> resource is in a domain managed by you, resolve (do recourse)"
>
> Do you know if it is possible?
>
> Thanks in advance,
> Stefano.
>
> ----------------------------------------
> Stefano Chiesa
> Wolters Kluwer Italia
> Network Specialist
> Strada 1, Palazzo F6
> 20090 Milanofiori Assago (Mi) - Italia
> Phone +39 0282476279 (20279 Voip)
> Fax +39 0282476815
>
>
>
More information about the bind-users
mailing list