
Recursive DNS setup


Jerry Mickman

Sep 27, 2006, 7:20:07 PM
Hi All,

I just want to make sure that I've either got this concept right, or
completely wrong.

If I configure a DNS forwarder on a Server2003 DC using an external DNS
server for "all other domains," am I correct that if I don't disable
recursive on that entry, if the server can't resolve the address, my DNS
server will not query the root servers to try to resolve the DNS info?

A better way to ask this... If I enable recursive queries, am I correct in
thinking that if the server can't resolve the address, it will just "throw
up its hands and give up?" That if I disable the recursive queries, it will
try to resolve using the root servers?

Thanks in advance!

Kevin D. Goodknecht Sr. [MVP]

Sep 28, 2006, 1:12:41 AM

It all depends on if you're talking about "Disable Recursion" on the Advanced
tab, or checking "Do not use recursion.." on the Forwarders tab.
"Disable recursion" stops all external queries.
"Do not use recursion..." only tells your DNS server to NOT use its root
hints, meaning, if it doesn't have the zone, wait for the answer from the
forwarder which could take several seconds, and fail the query if the
Forwarder can't get the answer.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps


Jerry Mickman

Sep 28, 2006, 10:55:46 AM
Sorry, if I seem dense, but it sounds like I did get everything backwards...

Let me see if I've got this straight: In general, recursion in DNS means to
use external sources?

If I enable recursion on the forwarder page, then the DNS server will use
the root servers if it doesn't get resolution from the forwarding server?

And if I disable recursion on the forwarder page, then the DNS server will
NOT use the root servers if it doesn't get resolution from the forwarding
server?

Thanks!

Kevin D. Goodknecht Sr. [MVP]

Sep 28, 2006, 1:28:48 PM
Jerry Mickman wrote:
> Sorry, if I seem dense, but it sounds like I did get everything
> backwards...
>
> Let me see if I've got this straight: In general, recursion in DNS
> means to use external sources?

Recursion is a mathematical term for finding the answer to a question. When
a DNS server uses recursion, it sends iterative queries to DNS servers, that
will provide the answer, or refer it to a DNS server that should know the
answer, until it gets its answer.
For example, when you send a query to your DNS, that it does not have the
answer to (either from its cache or its zones), it starts at the very top
which is the Root, then works its way down until it either gets the answer
it wants or a DNS server answers NXDOMAIN (non-existent domain). All
recursive queries start at the root.

A real world query to use is www.microsoft.com. If your DNS doesn't know the
answer it starts with the Root servers, which don't do recursive lookups and
will give a referral by a delegation saying, "Go ask the .com gTLD servers",
which also can't do recursive lookups and will answer with a referral by
using a delegation to the Microsoft.com DNS servers. When your DNS asks the
microsoft.com DNS servers, they either give the answer by saying here is the
record or by using a delegation tells your DNS where www.microsoft.com
should be.


> If I enable recursion on the forwarder page, then the DNS server will
> use the root servers if it doesn't get resolution from the forwarding
> server?

Exactly.

>
> And if I disable recursion on the forwarder page, then the DNS server
> will NOT use the root servers if it doesn't get resolution from the
> forwarding server?

Yes, which is why you have to make sure if you disable recursion on the
forwarders tab, that the forwarder you use is highly trusted. Because if it
fails, or even worse, gives you a bad record which is then cached on your
DNS and your DNS will continue to answer with this bad record, until the bad
record's remaining TTL has expired, which by default on an MS DNS is up to
one day and seven days on BIND.

A good use of this setting is on a Win2k3 DNS, which has support for
conditional forwarders, you can add a conditional forwarder for a Domain
that cannot be found from the root servers. A good example of this is if you
have multiple Active Directory domain trees such as domain.local that
obviously can't be resolved from the root, but doesn't have a zone on your
DNS, you can add a conditional forwarder for domain.local, give it the IPs
for its DNS servers, select the box "Do not use recursion for this domain",
if the domain.local DNS servers become unavailable, your DNS will answer
with "Server fail" instead of asking the root. It is important that if you
use a Conditional forwarder, that the forwarder has authority for the
domain.
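
Added example, not part of the original thread: a small Python model of the lookup order described in the replies above (local zones/cache, then the matching forwarder, then root hints unless "Do not use recursion" is checked). The class, function names, outcome labels and addresses are hypothetical and constructed for illustration; it models the behaviour as stated in the thread and does not query a real DNS server.

```python
from dataclasses import dataclass, field

@dataclass
class DnsServer:
    local: dict                      # names answered from hosted zones or cache
    forwarders: dict                 # domain suffix -> forwarder IPs; "." = all other domains
    no_root_fallback: set = field(default_factory=set)  # "Do not use recursion" checked
    disable_recursion: bool = False  # Advanced tab "Disable recursion"

def match_forwarder(server, qname):
    """Pick the most specific entry (a conditional forwarder beats "all other domains")."""
    hits = [s for s in server.forwarders
            if s == "." or qname == s or qname.endswith("." + s)]
    return max(hits, key=len) if hits else None

def resolve(server, qname, reachable, internet):
    """Return (outcome, path). `reachable` maps forwarder IP -> records it can
    return (missing IP = forwarder down); `internet` is what root recursion finds."""
    path = ["local"]
    if qname in server.local:
        return "ANSWER", path
    if server.disable_recursion:          # per the thread: stops all external queries
        return "NO_EXTERNAL_QUERY", path
    suffix = match_forwarder(server, qname)
    if suffix is not None:
        path.append("forwarder:" + suffix)
        for ip in server.forwarders[suffix]:
            if qname in reachable.get(ip, {}):
                return "ANSWER", path
        if suffix in server.no_root_fallback:
            return "SERVFAIL", path       # waits on the forwarder, then fails the query
    path.append("root")                   # fall back to root hints
    return ("ANSWER" if qname in internet else "NXDOMAIN"), path

# Constructed sample data (documentation address ranges).
INTERNET = {"www.microsoft.com": "198.51.100.10"}
FWD = {".": ["192.0.2.53"], "domain.local": ["192.0.2.10"]}

def demo():
    fallback = DnsServer({}, FWD)                                    # box unchecked
    strict = DnsServer({}, FWD, no_root_fallback={".", "domain.local"})
    closed = DnsServer({}, FWD, disable_recursion=True)
    down = {}                                                        # every forwarder unreachable
    return {
        "fallback": resolve(fallback, "www.microsoft.com", down, INTERNET),
        "strict": resolve(strict, "www.microsoft.com", down, INTERNET),
        "conditional": resolve(strict, "dc1.domain.local", down, INTERNET),
        "closed": resolve(closed, "www.microsoft.com", down, INTERNET),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The "conditional" case is the domain.local scenario from the reply: with the box checked and the domain.local servers down, the query fails without ever reaching the root servers.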

Jerry Mickman

Sep 28, 2006, 4:26:56 PM
Thank you for straightening me out on this topic! Your explanation was
extremely helpful.