Hello and thank you so much.
" no-auth-recursive is meant for use in mixed-mode servers that
handle both authoritative and recursive queries" - So I guess the default
setting is intended for my purpose.
Will there be any inconvenient setting minimal-responses to no? Having that
default behaviour when using "dig" can be useful.
Thank you!
Kind regards.
David
Os melhores cumprimentos
David Alexandre M. de Carvalho
═══════════════════
Especialista de Informática
Departamento de Informática
Universidade da Beira Interior
-----Original Message-----
From: Evan Hunt <e...@isc.org>
Sent: 24 January 2023 20:12
To: David Carvalho <da...@di.ubi.pt>
Cc: bind-users@lists.isc.org
Subject: Re: recursion yes/no?
On Tue, Jan 24, 2023 at 04:48:34PM -0000, David Carvalho via bind-users wrote:
> Hello.
>
> I hope someone could help to understand the following.
>
> I have "my.domain.pt" and a master and slave server for the "my" part.
> I have been using "recursion yes" in both named.conf, as I want them
> to be both authoritative and cache for my clients.
>
> Last week I migrated my slave DNS server to version 9.16 and only
> today, after having issues with the primary server migration, I
> realized that for most queries, my slave DNS does not answer the
> "ADDITIONAL SECTION" unless I specify "+norec" with the dig command.
You didn't mention what version you were upgrading from, but I guess 9.11,
because the default setting of "minimal-responses" was changed in 9.12. It used
to default to "no", but it now defaults to "no-auth-recursive". From the ARM:
minimal-responses takes one of four values:
- no: the server is as complete as possible when generating responses.
- yes: the server only adds records to the authority and additional
sections when such records are required by the DNS protocol (for
example, when returning delegations or negative responses). This
provides the best server performance but may result in more client
queries.
- no-auth: the server omits records from the authority section except
when they are required, but it may still add records to the
additional section.
- no-auth-recursive: the same as no-auth when recursion is requested
in the query (RD=1), or the same as no if recursion is not requested.
no-auth and no-auth-recursive are useful when answering stub
clients, which usually ignore the authority section.
no-auth-recursive is meant for use in mixed-mode servers that
handle both authoritative and recursive queries.
So when recursion is requested in the query, the server omits the NS records
from the authority section, and if there's no NS records then there won't need
to be corresponding A or AAAA records in the additional section.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
