How to disable recursion on ONE domain? (Bind-9.11.14)

From Chris Palmer <chris9@cpalmer.me.uk>
Newsgroups comp.protocols.dns.bind
Subject How to disable recursion on ONE domain? (Bind-9.11.14)
Date 2020-05-15 13:16 +0100
Message-ID <mailman.404.1589544958.942.bind-users@lists.isc.org>
References <ad25d613-9526-108d-cb6a-c680233131d9@cpalmer.me.uk>


There is much discussion about recursion but I can't find anything that 
matches this use case...

- In-house Bind-9.11.14 server, master for some local zones, recursion 
enabled; not accessible from external networks
- Two views for in-house networks
- Intermittent VPN access from in-house network to another private 
network that is master for DNS zone x.y.zzz; this network is not 
publicly reachable
- Need queries from one of our views for x.y.zzz to be sent to the 
static address for the x.y.zzz server that is only reachable via the VPN
- When the VPN is not connected, need the lookup to fail/timeout 
rather than go through the recursion path
- When the VPN is again connected need lookups to succeed without undue 
delay.

Within the required view I have tried a zone with type forward 
(specifying forwarders and forward only), and also a zone of type 
static-stub (specifying server-addresses). Both work fine when the VPN 
is up. Both have two problems though when the VPN is disconnected:
       (a) the queries are recursed and an NXDOMAIN response cached.
       (b) When the VPN comes back up the cached NXDOMAIN is served 
until it expires.

I have been trying to force a SERVFAIL when the specified servers for 
that domain are unreachable, rather than recursing. And presumably that 
would then cause the queries to quickly flow to the required servers 
once they are reachable again. Is that possible, or is there another 
approach to this problem?

Many thanks, Chris
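
Symptom (b) in the post turns on how long a resolver may keep an NXDOMAIN answer. As an added example (not part of the original post), this Python code parses a DNS reply and computes the RFC 2308 negative-cache lifetime, capped the way BIND's `max-ncache-ttl` option caps it. The sample messages, the SOA names and all TTL values are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def negative_ttl(msg, max_ncache_ttl=10800):
    """Return (rcode, seconds an NXDOMAIN may stay cached) per RFC 2308.

    max_ncache_ttl mirrors BIND's option of that name (default 10800 s)."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    off = 12
    for _ in range(qd):                   # skip question: name + type + class
        off = skip_name(msg, off) + 4
    for _ in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6 and rcode == "NXDOMAIN":        # SOA in a negative answer
            p = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
            minimum = struct.unpack("!I", msg[p + 16:p + 20])[0]
            return rcode, min(ttl, minimum, max_ncache_ttl)
        off += rdlen
    return rcode, None                    # e.g. SERVFAIL: no SOA-derived negative TTL

def build_response(qname, rcode, soa=None):
    """Constructed sample reply; soa = (owner, rr_ttl, soa_minimum)."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 0, 1 if soa else 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE A, QCLASS IN
    if soa:
        owner, ttl, minimum = soa
        rdata = encode_name("ns.example") + encode_name("admin.example")
        rdata += struct.pack("!5I", 1, 7200, 900, 604800, minimum)
        msg += encode_name(owner) + struct.pack("!HHIH", 6, 1, ttl, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    print(negative_ttl(build_response("host.x.y.zzz", 3, ("zzz", 900, 3600))))
    print(negative_ttl(build_response("host.x.y.zzz", 2)))
```
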
