Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15904

Re: Hints for forwarding a subdomain on a authoritative server

Show all headers | View raw

Tom <lists@verreckte-cheib.ch> wrote:
>
> But: The zone-forwarding is only working, when I enable "recursion" on the
> authoritative server. Does this means, that zone-forwarding really requires
> recursion?

Yes, forwarding is completely specific to recursive servers. That is, the
server doing the forwarding must be recursive, and the target server must
also be recursive.

[ In some limited cases you can get away with the target server not being
recursive; I think the restrictions are that the target zone must not have
any delegations or out-of-zone CNAMEs, but I haven't tested this myself. ]

> Is there a better way with not enabling recursion (perhaps with views)
> to accomplish this?

Use a type "static-stub" zone if the target server is authoritative.

If the server doing the forwarding is not recursive then it needs to
secondary its own authoritative copy of the zone. But presumably you are
trying to forward because AXFRing the zone isn't possible. In that case
you need something like dnsdist which can act as a DNS reverse proxy. BIND
won't query another server when a query is RD=0.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Fisher, German Bight: West or northwest 7 or gale 8, occasionally severe gale
9 at first in Fisher, decreasing 5 or 6 later. Rough or very rough, becoming
moderate or rough later. Showers. Good.

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: Hints for forwarding a subdomain on a authoritative server Tony Finch <dot@dotat.at> - 2020-07-06 16:46 +0100

csiph-web