Re: Authority and forwarding, but not recursion/iteration
Two views. The view that does not do internet DNS claims authority for the root and does not global forward. The entire DNS is just the zones defined in the view, which can be authoritative or forwarded. The other view has the global forward-only to upstream resolvers. On Sat, Mar 6, 2021 at 3:34 PM Marki wrote: > I'm not sure: > > > Some clients should be able to resolve authoritative local zones as well > as some forwarded zones. > > And only that. "forward only;" doesn't cut it, in case you mean the global > option. That would still forward everything else somewhere else. The > requirement is to _only_ resolve local stuff for some clients. > On 3/6/2021 8:48 PM, Crist Clark wrote: > > forward only; > > On Fri, Mar 5, 2021 at 5:19 PM Marki wrote: > >> Hello, >> >> I am seeking a combination of either a combined configuration on one, or >> a config of several different DNS servers together to achieve the >> following: >> * Some clients should be able to resolve authoritative local zones as >> well as some forwarded zones. >> * Other clients should be able to resolve all of that _plus_ be able to >> make recursive queries to the internet (or use a global forwarder). >> All hosts use the same DNS servers, this should not be made about the >> clients but rather be configurable on the server. >> >> Now the problems are the following: >> * Since I need forwarders I can't turn off recursion. >> * Since I can't turn off recursion I can't prevent it to go and try to >> resolve from root DNS. >> >> How do I do one (local authority and forwarders) but not the other >> (iterative lookups on the Internet)? >> >> Thanks, >> >> Marki >> >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> >> ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Authority and forwarding, but not recursion/iteration
I tried that. When you configure no global forwarders it's going to recurse because recursion needs to be enabled for the individual forwarded zones to work. You'd have to specify a fake global forwarder which looks like a hack. On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark wrote: >Two views. The view that does not do internet DNS claims authority for >the >root and does not global forward. The entire DNS is just the zones >defined >in the view, which can be authoritative or forwarded. The other view >has >the global forward-only to upstream resolvers. > >On Sat, Mar 6, 2021 at 3:34 PM Marki wrote: > >> I'm not sure: >> >> > Some clients should be able to resolve authoritative local zones as >well >> as some forwarded zones. >> >> And only that. "forward only;" doesn't cut it, in case you mean the >global >> option. That would still forward everything else somewhere else. The >> requirement is to _only_ resolve local stuff for some clients. >> On 3/6/2021 8:48 PM, Crist Clark wrote: >> >> forward only; >> >> On Fri, Mar 5, 2021 at 5:19 PM Marki >wrote: >> >>> Hello, >>> >>> I am seeking a combination of either a combined configuration on >one, or >>> a config of several different DNS servers together to achieve the >>> following: >>> * Some clients should be able to resolve authoritative local zones >as >>> well as some forwarded zones. >>> * Other clients should be able to resolve all of that _plus_ be able >to >>> make recursive queries to the internet (or use a global forwarder). >>> All hosts use the same DNS servers, this should not be made about >the >>> clients but rather be configurable on the server. >>> >>> Now the problems are the following: >>> * Since I need forwarders I can't turn off recursion. >>> * Since I can't turn off recursion I can't prevent it to go and try >to >>> resolve from root DNS. >>> >>> How do I do one (local authority and forwarders) but not the other >>> (iterative lookups on the Internet)? >>> >>> Thanks, >>> >>> Marki >>> >>> ___ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>> unsubscribe from this list >>> >>> ISC funds the development of this software with paid support >>> subscriptions. Contact us at https://www.isc.org/contact/ for more >>> information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >>> >>> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Authority and forwarding, but not recursion/iteration
Where is it sending recursive queries if it owns the root? On Sun, Mar 7, 2021 at 3:06 AM Marki wrote: > I tried that. When you configure no global forwarders it's going to > recurse because recursion needs to be enabled for the individual forwarded > zones to work. You'd have to specify a fake global forwarder which looks > like a hack. > > > On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark < > cjc+bind-us...@pumpky.net> wrote: >> >> Two views. The view that does not do internet DNS claims authority for >> the root and does not global forward. The entire DNS is just the zones >> defined in the view, which can be authoritative or forwarded. The other >> view has the global forward-only to upstream resolvers. >> >> On Sat, Mar 6, 2021 at 3:34 PM Marki wrote: >> >>> I'm not sure: >>> >>> > Some clients should be able to resolve authoritative local zones as >>> well as some forwarded zones. >>> >>> And only that. "forward only;" doesn't cut it, in case you mean the >>> global option. That would still forward everything else somewhere else. The >>> requirement is to _only_ resolve local stuff for some clients. >>> On 3/6/2021 8:48 PM, Crist Clark wrote: >>> >>> forward only; >>> >>> On Fri, Mar 5, 2021 at 5:19 PM Marki wrote: >>> Hello, I am seeking a combination of either a combined configuration on one, or a config of several different DNS servers together to achieve the following: * Some clients should be able to resolve authoritative local zones as well as some forwarded zones. * Other clients should be able to resolve all of that _plus_ be able to make recursive queries to the internet (or use a global forwarder). All hosts use the same DNS servers, this should not be made about the clients but rather be configurable on the server. Now the problems are the following: * Since I need forwarders I can't turn off recursion. * Since I can't turn off recursion I can't prevent it to go and try to resolve from root DNS. How do I do one (local authority and forwarders) but not the other (iterative lookups on the Internet)? Thanks, Marki ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>> unsubscribe from this list >>> >>> ISC funds the development of this software with paid support >>> subscriptions. Contact us at https://www.isc.org/contact/ for more >>> information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >>> >> ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
