Re: How to disable recursion on ONE domain? (Bind-9.11.14)

Sorry, my bad. (Actually it doesn’t matter because it serves well as example that static-stub configuration fails when the servers are unreachable and it doesn’t recurse.) But even with server-addresses it properly servfails when the static-stub addresses are unreachable. Perhaps it behaves

re: How to disable recursion on ONE domain? (Bind-9.11.14)

Would adding the following to the zone config work? forwarders {}; Regards, Bob ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

On Fri, May 15, 2020 at 12:22 PM Chris Palmer via bind-users < bind-users@lists.isc.org> wrote: > Hi Ondřej > > At first glance your suggestion looked like what I had done. But... > I used: > > view "a" { >match-clients { 172.16.n.n/24; } >allow-recursion { any; }; >zone "x.y.zzz" { >

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

Hi Ondřej At first glance your suggestion looked like what I had done. But... I used: view "a" { match-clients { 172.16.n.n/24; } allow-recursion { any; }; zone "x.y.zzz" { type static-stub; server-addresses { 10.n.n.n; 10.n.n.m; }; }; }; If the 10.n.n.n

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

Hi Chris, why don’t you just delegate the x.y.zzz to the server in the VPN? Generally, the static-stub should work in this case, but your email doesn’t have enough details why it would not. I properly get SERVFAILs with this minimal config: zone "sury.org" { type static-stub; server-names

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

Hi Ondřej That could work for eliminating the caching delay when the VPN comes up. I'd just have to get that into the VPN config so people didn't have to do it manually. Is there any way to stop the recursion for that domain happening in the first place though? Thanks, Chris On

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

Hi Chris, when your vpn comes up, you need to issue: rndc flushtree command to the BIND 9 instance. Ondrej -- Ondřej Surý ond...@isc.org > On 15 May 2020, at 14:16, Chris Palmer via bind-users > wrote: > > There is much discussion about recursion but I can't find anything that > matches

How to disable recursion on ONE domain? (Bind-9.11.14)

There is much discussion about recursion but I can't find anything that matches this use case... - In-house Bind-9.11.14 server, master for some local zones, recursion enabled; not accessible from external networks - Two views for in-house networks - Intermittent VPN access from in-house