Path: csiph.com!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Fred Morris <m3047@m3047.net>
Newsgroups: comp.protocols.dns.bind
Subject: Re: Response Policy Zone: disabling "leaking" of lookups
Date: Thu, 3 Sep 2020 11:44:56 -0700
Lines: 24
Approved: bind-users@lists.isc.org
Message-ID: <mailman.874.1599158663.942.bind-users@lists.isc.org>
References: <a5ebf915-7f67-34ee-27e0-6dab6d59c219@m3047.net> <4ef66fdfdcae3d73aa3dd6df1b115fe37ac5675c.camel@byington.org> <78bc23f4-7163-b4d3-63ef-91a21ddb6c99@m3047.net>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: usenet.stanford.edu 1599158715 26184 149.20.1.60 (3 Sep 2020 18:45:15 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: dnsfirewalls <dnsfirewalls@lists.redbarn.org>
To: bind-users@lists.isc.org
Return-Path: <m3047@m3047.net>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
Openpgp: preference=signencrypt
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
In-Reply-To: <4ef66fdfdcae3d73aa3dd6df1b115fe37ac5675c.camel@byington.org>
Content-Language: en-US
X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <78bc23f4-7163-b4d3-63ef-91a21ddb6c99@m3047.net>
X-Mailman-Original-References: <a5ebf915-7f67-34ee-27e0-6dab6d59c219@m3047.net> <4ef66fdfdcae3d73aa3dd6df1b115fe37ac5675c.camel@byington.org>
Xref: csiph.com comp.protocols.dns.bind:16095

Carl Byington wrote:
> On Wed, 2020-09-02 at 17:47 -0700, Fred Morris wrote:
> > how do I disable the (useless) resolution directed at upstream
> > servers?
>
> Isn't that just "qname-wait-recurse no;"
>
You are correct! I got confused and the doc didn't help. The logic is
tri-state:

*Default* (not present): The lookup is performed, but isn't waited for.

*Yes*: Resolution waits for the lookup to complete.

*No*: Resolution is not performed.


Verified by testing. :-) Thanks for the sanity check.

--

Fred Morris