Hi, I'm just writing to confirm that I have the correct understanding of the relationship between delegation and recursion.
A bit of background: I'm responsible for an Internet-facing server that has the following requirements. It should support recursion for known (DMZ) clients and it should not support recursion for unknown clients. It should also delegate subdomains to other name servers in the organisation, for both known and unknown clients. The issue is that if recursion is not allowed for external clients, delegation breaks (i.e. results in "No answer" from nslookup which I believe is a referral). Which kinda makes sense, if a query that is delegated to another nameserver is classified as recursive rather than iterative. The question is, what is the preferred solution to this situation i.e. an external facing nameserver that should not provide recursion but delegate some of its subdomains to other nameservers that are authoritative for them [subdomains]. A workaround is to set up the external nameserver as a slave for the subdomains but is there any better solution? Thank you in advance for reading my post, and apologise if this is a naive question but I couldn't find an answer in the BIND book or manuals (perhaps the question is ill-posed). Recursion and delegation are covered as separate topics, but from a resolver's perspective they seem to be related (if not the same). --angela _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
