> On Sep 23, 2016, at 17.34, Lindsay Haisley <fmouse...@fmp.com> wrote:
> 
> On Fri, 2016-09-23 at 17:10 -0400, btb wrote:
>> On 2016.09.23 16.16, Lindsay Haisley wrote:
>>> 
>>> On Fri, 2016-09-23 at 18:43 +0100, RW wrote:
>>>> 
>>>> Right, but the question here is why isn't a forwarding server also a
>>>> recursive server? Why is the use of iteration the defining feature of
>>>> a recursive server and not the support for recursion?
>>> http://serverfault.com/questions/661821/what-s-the-difference-between-recursion-and-forwarding-in-bind
>> this is bad information.  it's unfortunate it has a green check mark 
>> next to it.  at least it only has a 6 though.
> 
> What do you think is bad about it? I've been working with DNS for 20
> years and this is about as straightforward an explanation of the
> difference as I can think of, and jibes with my understanding. Am I
> misinformed?

it suffers from the same deficiencies highlighted in my earlier message.  
namely, conflating the services provided with the work done in order to provide 
those services.

> <http://www.techexams.net/forums/net-infra-70-291/29238-dns-recursion-forwarding.html>
> says pretty much the same thing. Is this also bad information?

yes.  

> Or how about
> <https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04>?
> 
> What this article defines as a "caching" name server is rather the same
> as a recursive server, but the definition of a forwarding server is the
> same - basically a proxy server.

this page is perhaps a bit better, but still suffers from terminology 
conflation.

consider that, to do the work described as "forwarding" in many of these 
references, the nameserver must perform a recursive query [e.g. it must perform 
a query with the rd bit set].

on the digital ocean page, it's stated "This configuration will force the 
server to recursively seek answers from other DNS servers when a client issues 
a query".  this is incorrect.  the configuration described will result in 
[there's no forcing here :) ] the server performing *iterative* queries.  that 
is, working through the dns hierarchy, following delegations [often called 
"referrals"] as necessary, in order to find the answer.  these queries do not 
have the rd bit set, and as such, are not recursive queries.

the techexams page suffers from this same misconception.  recursion occurs if 
the client sends a "recursion desired" query [rd bit set], and the server 
answers with a "recursion allowed" response [ra bit set].  at that point, 
recursion has now occurred, regardless of what the server might have done 
behind the scenes [it might be a client too!]  what the poster on that page 
described as recursion occurring, is, in fact, iteration occurring.

a reference to the bind config exemplified on the digital ocean page might help 
as well.  the "recursion" setting controls whether or not recursion is allowed 
[e.g. whether or not recursive service is offered/provided to clients querying 
the server].  it does not control whether or not the nameserver performs 
recursion in order to provide the answer.  further emphasis of this can be 
found in the accompanying "allow-recursion" and "allow-recursion-on" settings, 
which further fine tune this behavior.

in any case, hopefully this discussion has run its course here.  it's an 
interesting topic, and one worth exploring for the sake of those in search of 
accuracy, but would be a better fit for a mailing list like oarc's 
dns-operations or such.
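
Added example (not part of the original message): the rd/ra distinction discussed above, read straight from the DNS header flags of constructed query/response pairs. The exchange labels, the name www.example.com and the empty constructed responses are assumptions made for illustration; nothing is sent on the network.

```python
import struct

QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired: set by whoever sends the query
RA = 0x0080  # recursion available: set by the server in its response

def build_query(name, rd, txid=0x1234):
    # One-question query, type A, class IN; only the RD flag varies.
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def build_response(query, ra):
    """Constructed reply: echo the query, set QR and optionally RA (no answer records)."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags |= QR | (RA if ra else 0)
    return struct.pack("!HH", txid, flags) + query[4:]

def header_flags(msg):
    if len(msg) < 12:
        raise ValueError("a DNS header is 12 bytes")
    flags = struct.unpack("!H", msg[2:4])[0]
    return {"qr": bool(flags & QR), "rd": bool(flags & RD), "ra": bool(flags & RA)}

def classify(query, response):
    """Label an exchange by the bits on the wire, not by what the server did internally."""
    q, r = header_flags(query), header_flags(response)
    if q["qr"] or not r["qr"]:
        raise ValueError("expected a query followed by a response")
    if not q["rd"]:
        return "iterative query"
    return "recursive service" if r["ra"] else "recursion requested, not offered"

# Constructed exchanges (hypothetical roles): label -> (rd in query, ra in response)
EXCHANGES = {
    "stub -> resolver": (True, True),
    "forwarder -> upstream resolver": (True, True),
    "resolver -> authoritative server": (False, False),
    "stub -> server with recursion off": (True, False),
}

def run():
    out = {}
    for label, (rd, ra) in EXCHANGES.items():
        q = build_query("www.example.com", rd)
        out[label] = classify(q, build_response(q, ra))
    return out

if __name__ == "__main__":
    print(*(f"{k:36} {v}" for k, v in run().items()), sep="\n")
```

The forwarder's upstream query classifies the same way as the stub's, because both set rd; only the resolver walking delegations sends queries with rd clear.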
