recursion yes/no?

David Carvalho david at di.ubi.pt
Wed Jan 25 10:23:16 UTC 2023 

Hello and thank you so much.
"   no-auth-recursive is meant for use in mixed-mode servers that
   handle both authoritative and recursive queries" - So I guess the default setting is intended for my purpose.

Will there be any inconvenient setting minimal-responses to no?  Having that default behaviour when using "dig" can be useful.


Thank you!

Kind regards.
David

Os melhores cumprimentos
David Alexandre M. de Carvalho
═══════════════════
Especialista de Informática
Departamento de Informática
Universidade da Beira Interior

-----Original Message-----
From: Evan Hunt <each at isc.org> 
Sent: 24 January 2023 20:12
To: David Carvalho <david at di.ubi.pt>
Cc: bind-users at lists.isc.org
Subject: Re: recursion yes/no?

On Tue, Jan 24, 2023 at 04:48:34PM -0000, David Carvalho via bind-users wrote:
> Hello.
> 
> I hope someone could help to understand the following.
> 
> I have "my.domain.pt" and a master and slave server for the "my" part. 
> I have been using "recursion yes" in both named.conf, as I want them 
> to be both authoritative and cache for my clients.
> 
> Last week I migrated my slave DNS server to version 9.16 and only 
> today, after having issues with the primary server migration, I 
> realized that for most queries, my slave DNS does not answer the 
> "ADDITIONAL SECTION" unless I specify "+norec" with the dig command.

You didn't mention what version you were upgrading from, but I guess 9.11, because the default setting of "minimal-responses" was changed in 9.12. It used to default to "no", but it now defaults to "no-auth-recursive". From the ARM:

  minimal-responses takes one of four values:

   -  no: the server is as complete as possible when generating responses.
   -  yes: the server only adds records to the authority and additional
      sections when such records are required by the DNS protocol (for
      example, when returning delegations or negative responses). This
      provides the best server performance but may result in more client
      queries.
   -  no-auth: the server omits records from the authority section except
      when they are required, but it may still add records to the
      additional section.
   -  no-auth-recursive: the same as no-auth when recursion is requested
      in the query (RD=1), or the same as no if recursion is not requested.

   no-auth and no-auth-recursive are useful when answering stub
   clients, which usually ignore the authority section.
   no-auth-recursive is meant for use in mixed-mode servers that
   handle both authoritative and recursive queries.

So when recursion is requested in the query, the server omits the NS records from the authority section, and if there's no NS records then there won't need to be corresponding A or AAAA records in the additional section.

--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list