Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15754
| Path | csiph.com!aioe.org!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Ondřej Surý <ondrej@isc.org> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: How to disable recursion on ONE domain? (Bind-9.11.14) |
| Date | Fri, 15 May 2020 14:34:51 +0200 |
| Lines | 95 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.405.1589546080.942.bind-users@lists.isc.org> (permalink) |
| References | <ad25d613-9526-108d-cb6a-c680233131d9@cpalmer.me.uk> <94A17804-1919-42F3-A4E2-713064FCB15F@isc.org> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) |
| Content-Type | multipart/signed; boundary="Apple-Mail=_9840EDFB-5BE6-4A4E-B7B8-6CC8825C9ED5"; protocol="application/pgp-signature"; micalg=pgp-sha512 |
| X-Trace | usenet.stanford.edu 1589546097 22515 149.20.1.60 (15 May 2020 12:34:57 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | bind-users <bind-users@lists.isc.org> |
| To | Chris Palmer <chris9@cpalmer.me.uk> |
| Return-Path | <ondrej@isc.org> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| In-Reply-To | <ad25d613-9526-108d-cb6a-c680233131d9@cpalmer.me.uk> |
| X-Mailer | Apple Mail (2.3608.80.23.2.2) |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <94A17804-1919-42F3-A4E2-713064FCB15F@isc.org> |
| X-Mailman-Original-References | <ad25d613-9526-108d-cb6a-c680233131d9@cpalmer.me.uk> |
| Xref | csiph.com comp.protocols.dns.bind:15754 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Hi Chris, when your vpn comes up, you need to issue: rndc flushtree <domain> command to the BIND 9 instance. Ondrej -- Ondřej Surý ondrej@isc.org > On 15 May 2020, at 14:16, Chris Palmer via bind-users <bind-users@lists.isc.org> wrote: > > There is much discussion about recursion but I can't find anything that matches this use case... > > - In-house Bind-9.11.14 server, master for some local zones, recursion enabled; not accessible from external networks > - Two views for in-house networks > - Intermittent VPN access from in-house network to another private network that is master for DNS zone x.y.zzz; this network is not publicly reachable > - Need queries from one of our views for x.y.zzz to be sent to the static address for the x.y.zzz server that is only reachable via the VPN > - When the VPN is not connected, need the lookup on to fail/timeout rather than go through the recursion path > - When the VPN is again connected need lookups to succeed without undue delay. > > Within the required view I have tried a zone with type forward (specifying forwarders and forward only), and also a zone of type static-stub (specifying server-addresses). Both work fine when the VPN is up. Both have two problems though when the VPN is disconnected: > (a) the queries are recursed and an NXDOMAIN response cached. > (b) When the VPN comes back up the cached NXDOMAIN is served until it expires. > > I have been trying to force a SERVFAIL when the specified servers for that domain are unreachable, rather than recursing. And presumably that would then cause the queries to quickly flow to the required servers once they are reachable again. Is that possible, or is there another approach to this problem? > > Many thanks, Chris > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list > > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread
Re: How to disable recursion on ONE domain? (Bind-9.11.14) Ondřej Surý <ondrej@isc.org> - 2020-05-15 14:34 +0200
csiph-web