[dns-operations] Custom DNS server as backend for authoritative DNS server

Casey Deccio casey at deccio.net
Fri Mar 15 01:31:56 UTC 2019


> On Mar 14, 2019, at 6:56 PM, Paul Vixie <paul at redbarn.org> wrote:
> 
>> So, effectively the authoritative server does some forwarding of queries
>> to a designated backend, but only specified zones, and it should
>> always act as an authoritative server, in the sense that it doesn't
>> require RD=1.  I've spun my wheels a little bit and haven't found an
>> effective solution, so I'm looking to my friends in the DNS
>> Community.  Any ideas?
> 
> i think your backend should FORMERR on RD=1. note that it will have to be able to respond to SOA and NS queries at the apex.

The backend is not yet fully functional, but eventually, of course, it will do all that it needs to serve (pun intended) its purpose.

> straight-forward "zone { type forward; ... }" would almost work (in BIND9, though other servers implement the same feature with different syntax)

This was what I tried first, but recursion is disabled on my BIND server, so all my queries destined for the "forwarded" zone are immediately returned by BIND as REFUSED.

> except, you have to use TTL 0 to prevent caching, and, i'm not completely clear on what the real server will do with an RD=0 query in terms of forwarding.

Yep, RD=0 with forward seems to result in REFUSED.

Thanks for the ideas.

Casey
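
[Added example, not part of the original message and not code from either poster.] A sketch of the RD-bit handling suggested in the quoted reply: the backend decodes the query header, answers FORMERR when RD=1, and otherwise replies with AA=1. The function names, the echoing of the RD bit, and the sample query are assumptions made for illustration; the reply carries only the header and the echoed question.

```python
import struct

NOERROR, FORMERR = 0, 1
QR, AA, RD = 0x8000, 0x0400, 0x0100   # header flag bits (RFC 1035, section 4.1.1)

def encode_name(name):
    """Encode a dotted name in DNS wire format, without compression."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qid, qname, qtype, rd):
    """Build a single-question class IN query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Offset just past the first question; its name must be uncompressed."""
    pos = 12
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1 + msg[pos]
    return pos + 1 + 4                 # root label, QTYPE, QCLASS

def backend_reply(query):
    """Hypothetical backend policy: FORMERR on RD=1, AA=1 NOERROR on RD=0."""
    if len(query) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    opcode_bits = flags & 0x7800       # copy the opcode into the reply
    question = query[12:question_end(query)]
    if flags & RD:
        out_flags = QR | opcode_bits | RD | FORMERR   # RD echoed, never AA
    else:
        out_flags = QR | opcode_bits | AA | NOERROR
    return struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0) + question

def rcode(msg):
    """Extract the 4-bit RCODE from a message header."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F
```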