On Fri, Jul 08, 2011 at 10:26:16AM -0700, Chris Buxton wrote: > On Jul 8, 2011, at 9:11 AM, Joseph S D Yao wrote: > > I'd rather that recursion controls only control recursion. > > And not forwarding - have separate forwarding controls, says I. > > Forwarding is a response to a recursive query. For an iterative query, even > if you have recursion enabled, the server won't forward the query. Therefore, > it is logical that it be controlled with the same settings as recursion. > > What problem are you trying to solve? A dangling CNAME such as you describe > is a normal behavior that caching resolvers are easily able to follow.
Thanks to those who responded. The real problem is not with sub.tld.example, but with otherzone.faraway.example which works most of the time in most of the world. When it fails, people do an MSW 'nslookup' targeted at my system, and see nothing until I have described to them several times how to get a CNAME record with MSW 'nslookup' and what it means. Yes, not as secure. But less time explaining why. And I realize I have gotten sloppy about the difference between recursive and iterative - bad me! -- /*********************************************************************\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*********************************************************************/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
