asked on doubt about bind dns
I have a linux machine with a little dns server (I'm using bind9 for this).
I have 2 PCs who are using this linux machine as its dns server. Both PCs solves well DNS queries on the zone where my linux machine is authoritative, however, when making some other DNS queries (for example solving "google.com" name) it only seems to work if I configure the server with recursion=yes. If recursion=no then only local names are solved.
Why?
I have 2 PCs who are using this linux machine as its dns server. Both PCs solves well DNS queries on the zone where my linux machine is authoritative, however, when making some other DNS queries (for example solving "google.com" name) it only seems to work if I configure the server with recursion=yes. If recursion=no then only local names are solved.
Why?
Linux NetworkingDNS
Last Comment
Zephyr ICT
ASKER
The coursious thing is that I have the forwarding {} configured with the IP of my ISP, so shouldn't it work when I ask for a name that is not on my DNS server, no matter the value of recursion parameter?
recursion should be on when using a forwarding server, make sure it's configured correctly though.
ASKER
Yes, this is what my tests indicates, but why?
I'm not sure what is unclear? Why what? Why recursion needs to be on when using forwarding DNS?
The recursion is needed because the Bind server needs to answer queries for zones it is not authoritative for, to do this it will use the servers you configured under forwarders.
The recursion is needed because the Bind server needs to answer queries for zones it is not authoritative for, to do this it will use the servers you configured under forwarders.
ASKER
Sorry, but I don't fully understand. Doesn't recursions stands for the way (iterative or recursive) the DNS queries are made along DNS servers?
I mean, for me the difference is: if I configure recursion = yes, then the bind will ask the forwarding DNS, and this forwarding DNS is the one who will call recursively to other DNSs until it gets an answer.
If I configure recursion = no then the bind will ask the forwarding DNS. If it is not the authoritative server, then he will ask with the address of its parent. Then my server will ask the parent, and so on until it reach the authoritative server.
Isn't this how it works?
I have looked at bind9 documentation and I dont found anywhere that there is an incompatibility between forwarders parameter and recursion=no. Do you have a link where this is explained?
I mean, for me the difference is: if I configure recursion = yes, then the bind will ask the forwarding DNS, and this forwarding DNS is the one who will call recursively to other DNSs until it gets an answer.
If I configure recursion = no then the bind will ask the forwarding DNS. If it is not the authoritative server, then he will ask with the address of its parent. Then my server will ask the parent, and so on until it reach the authoritative server.
Isn't this how it works?
I have looked at bind9 documentation and I dont found anywhere that there is an incompatibility between forwarders parameter and recursion=no. Do you have a link where this is explained?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you don't want that behaviour, which might be a security risk (DNS amplification attack).
Maybe you want to use a forwarding DNS server?