recursion yes/no?

David Carvalho david at di.ubi.pt
Wed Jan 25 10:16:29 UTC 2023 

Good morning and thank you so much!

Now I understand. My servers are not pure authoritative, so I’ll have to keep the recursion enabled.

As for the answers in Authority and Additional sections, after setting minimal-responses to no, now I get the usual output when querying.

For what I understand, there is no downside in maintaining this setting, right?

Thank you!

 

Kind regards.

David

 

 

From: Greg Choules <gregchoules+bindusers at googlemail.com> 
Sent: 24 January 2023 18:12
To: David Carvalho <david at di.ubi.pt>
Cc: bind-users at lists.isc.org
Subject: Re: recursion yes/no?

 

Hi David.

"recursion yes;" tells named that it can (if it has to) make queries to other places if it needs more information in order to answer a client query. Pure authoritative servers shouldn't need it and should have "recursion no;". So the first question is, do your servers make queries out to other places? If so, recursion must be enabled.

Secondly, do you have "minimal-responses" configured on either/both servers? If so, what is it set to? There were changes in 9.16 so maybe these explain your observations.

 

Cheers, Greg

 

On Tue, 24 Jan 2023 at 16:49, David Carvalho via bind-users <bind-users at lists.isc.org <mailto:bind-users at lists.isc.org> > wrote:

Hello.

I hope someone could help to understand the following.

I have “my.domain.pt <http://my.domain.pt> ” and a master and slave server for the “my” part. I have been using “recursion yes” in both named.conf, as I want them to be both authoritative and cache for my clients.

Last week I migrated my slave DNS server to version 9.16 and only today, after having issues with the primary server migration, I realized that for most queries, my slave DNS does not answer the “ADDITIONAL SECTION” unless I specify “+norec” with the dig command.

 

My named.conf files only differ in IPs and “master/slave” setting.

 

My questions:

Should I use recursion on both? (Bear in mind that I also want them to provide chache to clients)

Why do I need “dig +norec” to get the exact output on my slave server? 

 

Kind regards

David

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users at lists.isc.org <mailto:bind-users at lists.isc.org> 
https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230125/9ae7fcfe/attachment.htm>

More information about the bind-users mailing list