[all variants] Bind's 'allow-recursion'. I don't quite get it.



PryGuy
September 3rd, 2009, 09:37 AM
Hello all! Please explain to me the meaning of the 'allow-recursion' param in Bind. I read the info, but I can't quite understand it. Thank you in advance.

KiLaHuRtZ
September 15th, 2009, 05:47 AM
It allows the server to look up domains it is not authoritative for. For example, my DNS servers deny recursion for the public, which only allows public hosts to ask my DNS to look up hosts that it is authoritative for (i.e. my domains). If someone were to ask my DNS to look up "google.com" they would get "no answer". However, my servers allow recursion for my internal/private hosts so they can look up all other domains (i.e. browse the internet). Does this make sense to you?

PryGuy
September 15th, 2009, 12:44 PM
So in other words I should allow recursion for my local network and disallow it for the requests coming from the Internet?

What if I have two views in my DNS configuration (one for localhost and one for the local network) and the DNS server does not listen on the interface that is connected to the Internet at all?

KiLaHuRtZ
September 15th, 2009, 09:06 PM
First question; yes.
Second question; you should be safe with global recursion.

PryGuy
September 16th, 2009, 06:53 AM
"Second question; you should be safe with global recursion."

Global recursion allows us to ask all non-authoritative servers?

KiLaHuRtZ
September 16th, 2009, 09:46 AM
In respect to question 2, you would want recursion. Otherwise, your clients will only be able to resolve for domains you host.
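
A way to confirm what 'allow-recursion' is doing for a given client, added here as an example and not part of any post in this thread: send a query with the RD (recursion desired) bit set for a name the server does not host, then read the RA (recursion available) bit and the RCODE in the reply header (RFC 1035). The function names, the name example.org, the address 192.0.2.10 and the two sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """DNS A/IN query (RFC 1035) with RD=1, i.e. asking the server to recurse."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(resp, qid=0x1234):
    """Read the response header and say how the server treated this client."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:          # ID must match and QR must be set
        raise ValueError("not a response to this query")
    ra, aa = bool(flags & 0x0080), bool(flags & 0x0400)
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    if aa and rcode != "REFUSED":
        verdict = "authoritative"                 # retest with a name the server does not host
    elif rcode == "REFUSED" or not ra:
        verdict = "recursion denied"
    else:
        verdict = "recursion allowed"
    return {"ra": ra, "rcode": rcode, "answers": ancount, "verdict": verdict}

def ask(server, name, timeout=3.0):
    """Send the query over UDP port 53 to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

def sample_response(query, flags, rdata=None):
    """Constructed reply for offline use: header, echoed question, optional A record."""
    answer = b"" if rdata is None else b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("example.org")
    print(classify(sample_response(q, 0x8105)))                          # client outside the ACL
    print(classify(sample_response(q, 0x8180, bytes([192, 0, 2, 10]))))  # client inside the ACL
```

Running `ask()` once from a host inside the 'allow-recursion' list and once from a host outside it shows whether the ACL matches the intent described in the thread.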