So why doesn’t it work to make your limited server authoritative for the
root and only forward the zones you want? Anything that isn’t in a
forwarded zone does not exist (except the root itself).
On Sat, Apr 17, 2021 at 11:07 PM Marki wrote:
>
> On 4/14/2021 12:44 AM, Sebby, Brian A. via
On 4/14/2021 12:44 AM, Sebby, Brian A. via bind-users wrote:
My situation is due to a security requirement. We have DNS servers at
our site running BIND that allow recursion, but I’ve been requested to
set up some additional DNS servers for another project that is
expected to **only**
rgonne National Laboratory
From: bind-users on behalf of RK K
Date: Wednesday, April 7, 2021 at 7:40 PM
To: "bind-users@lists.isc.org"
Subject: Re: forwarding zone setup from a BIND slave (without recursion?)
Hello Marki, Matus,
Thank you for the insights on this topic.
Answering
Mark Andrews wrote:
> > On 8 Apr 2021, at 00:37, Tony Finch wrote:
> >
> > Forward zones require the upstream server to be recursive too.
>
> More correctly, the upstream server has to serve the entire namespace being
> forwarded if it does not off recursion to the client for forwarding to
>
n replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. Re: forwarding zone setup from a BIND slave (without
> recursion?) (Chuck Aurora)
>2. Re: forwarding zone setup
Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
> 1. forwarding zone setup from a BIND slave (without recursion?)
> (RK K)
>2. Re: forwarding zone setup from a BIND slave (without
> re
> On 8 Apr 2021, at 00:37, Tony Finch wrote:
>
> Chuck Aurora wrote:
>>
>> A stub or static-stub zone would not require recursion. In that case
>> named is asking for authoritative data from upstream. But type
>> forward zones indeed cannot work if recursion is disabled.
>
> Be careful
Chuck Aurora wrote:
>
> A stub or static-stub zone would not require recursion. In that case
> named is asking for authoritative data from upstream. But type
> forward zones indeed cannot work if recursion is disabled.
Be careful in this kind of situation to be very clear about which client
or
On 2021-04-07 03:59, Marki wrote:
To elaborate a little bit on that... Indeed that is how it works,
unfortunately. When you start using forwarders or stubs, recursion
needs to be enabled because you're no longer looking for your own
authoritative data only.
A stub or static-stub zone would not
Hello,
On 4/7/2021 10:35 AM, Matus UHLAR - fantomas wrote:
On 06.04.21 22:47, RK K wrote:
In this scenario, in-order for the secondary server to forward the DNS
query to an external DNS server, is it required to enable the
recursion in
the global options on the secondary servers?
yes.
On 06.04.21 22:47, RK K wrote:
We have a set of BIND primary servers (MASTERs) and a set of secondary
servers (slaves to the MASTERs).
The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *)
in the global options.
All the applications/systems do use secondary DNS servers for
All,
We have a set of BIND primary servers (MASTERs) and a set of secondary
servers (slaves to the MASTERs).
The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *)
in the global options.
All the applications/systems do use secondary DNS servers for name
resolution.
Now
12 matches
Mail list logo
