Home / ubuntu / Questions / 665927
Accepted
NoFence
Asked: 2015-08-26 23:57:55 +0800 CST

Bind on non-recursive mode doesn't work

  • 772

I installed bind for caching server and recursive mode works well. But Non-recursive modes doesn't work well.

Here are option contents of /etc/named.conf (For recursive)

options {
        listen-on port 53 {localhost; any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24;any; };
        allow-query-cache { localhost; 192.168.0.0/24; any;};
        recursion yes;


        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

The result says :

[root@localhost ~]# nslookup naver.com
Server:         192.168.0.220
Address:        192.168.0.220#53

Non-authoritative answer:
Name:   naver.com
Address: 125.209.222.142
Name:   naver.com
Address: 202.179.177.22
Name:   naver.com
Address: 202.179.177.21
Name:   naver.com
Address: 125.209.222.141

Here are another option contents of /etc/named.conf (For Non-recursive)

options {
        listen-on port 53 {localhost; any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24;any; };
        allow-query-cache { localhost; 192.168.0.0/24; any;};
        recursion no;


        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

The result says :

[root@localhost ~]# nslookup naver.com
Server:         192.168.0.220
Address:        192.168.0.220#53

Non-authoritative answer:
*** Can't find naver.com: No answer

Why is that? Am I missing something?

networking

1 Answers

  1. Best Answer

    In a recursive query, a name server behaves like a client and asks another name server to either provide it with the answer to its query, or to return an error because it cannot supply an answer.

    That you have.

    You can turn off globally recursion with recursion no; but allow it to your request with

     allow-recursion {192.168.0.0/24;}; //change IPs as required

    Also you can configure "forwarders" to fw dns request before trying to find the answer itself by iterative query to other name servers including those in the root domain.

    • 1