How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?

Thomas Martin tmartincpp at gmail.com
Mon Apr 18 07:56:39 UTC 2022


Hello,

I recently upgraded from Debian Buster to Debian Bullseye and I'm
having a hard time having the same behavior as before with the new
bind9 version.

Here is my setup :
- I have two DNS domains (domain A.com and domain Z.com) for which my
server is authoritative (as a slave in this case),
- A few of my DNS records on domain Z are CNAMEs to domain A.

My server configuration looks like this :
zone "A.com" {
    type slave;
    file "A";
    masters { a.b.c.d; };
};
zone "Z.com" {
    type slave;
    file "Z";
    masters { a.b.c.d; };
};

I don't want my server to be recursive but I would like it to answer
the full CNAME and A like in 9.11.5 (thanks to additional-from-auth
AFAIK):
> $ host www.Z.com 1.2.3.4
> www.Z.com is an alias for www.A.com.
> www.A.com has address 10.10.10.1

Now, with 9.16.27 my answer is only returning the CNAME record, not
the A record despite being authoritative for both domains :
> $ host www.Z.com 1.2.3.4
> www.Z.com is an alias for www.A.com.

Is there any chance I can have the same behavior as before?
If I enable recursion it works of course, but I don't want my server
to be a public resolver.
I tried to play with the "minimal-responses" option with no luck.


Thanks.

