> The challenge for me is in not using forwarding. For MS DNS
> servers, forwarding and recursion are tied together; turn off one
> and you lose both.
Incorrect. Turning off recursion turns off forwarders, but not vice
versa.
You can have a perfectly operating recursive MS DNS server that does
Another way to look at it.
Recursion:
Off: DNS server can only answer queries from its local zone files. Queries
for any other records return no results. Used when server is authoritative
for Public domains (declude.com, nasa.gov)
On: DNS server will try to answer all Queries. If it doe
> My experience with MS DNS is that forwarders are set up at
> installation because the installer assumes a blank forwarder means
> the DNS server will be unable to lookup addresses.
Well put. That must explain the feeling that forwarders are
recommended -- they've been turned on for so long that
Thanks, Sandy. Of course, if I had understood everything perfectly (or even
reasonably), I wouldn't have had to post my questions here.
On our old DNS server that ran under Windows 2000 Advanced Server, you could
actually toggle Forwarding and Recursion separately. However, under Windows
2008 se
Very succinct. But I need further explanation...
Forget forwarding. We'd like to keep it to off-load the server and network
traffic, but we can live without. However, I need one server to be both
recursive for our mail server and non-recursive for our authoritative zones.
We don't have to worry a
I thought it was a clever observation, too. And it makes me feel better
about the wrong-headed idea I had of what MS suggests.
-Original Message-
From: Sanford Whiteman
Sent: Friday, March 15, 2013 10:48 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scor
Hi Ben,
You'll want to set up at least two DNS servers for that. One recursive for
mail server lookups, most likely on the mail server. The DNS service on the
mail server should not be publicly accessible. The other non-recursive DNS
server can be used as your nameserver and, of course, publicl
Ahhh, yes, but that’s the answer I don't want. Right now, I could take our
existing old authoritative DNS server and make it non-recursive, then put a
recursive name server on the mail server itself, but listening only to the
internal IP and that would seem to follow your suggestion. Although, wh