Netgate Discussion Forum

    BIND DNS recursion points to what by default?

    • andrewK

      I just upgraded to a SG-3100 and am more-or-less recreating what I had on my SG-1100's.

      I am using BIND for local DNS resolving and I was using recursion to enable local hosts to reach the internet when needed. I just turned it on and set the ACL and it all worked. That was with the SG-1100's.

      Now I can't get recursion working on the SG-3100 but I'll start with something I've been wondering for a while...

      By default, where does recursion look when the DNS server knows nothing about a domain? Part of me just figured that perhaps it looks to the DNS server addresses I've set up for the pfSense system itself...? e.g. 8.8.8.8.

      Obviously there's a field to enter IPs for forwarding but not for recursion...?

      Thx,
      A

      • johnpoz LAYER 8 Global Moderator

        A resolver walks down from the root servers to find the authoritative ns of whatever domain you're looking for..

        https://www.iana.org/domains/root/servers

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • andrewK

          Right, right... thanks.

          So I suppose that means that all such servers have, at the very least, those 13 IPs stored in the system by default...?

          One more question:
          Does enabling forwarding on BIND make the server forward off ALL requests? Or, similar to recursion, does it only outsource when it doesn't have authoritative info?

          • johnpoz LAYER 8 Global Moderator

            It would only forward what it's not authoritative for..

            Yes any such dns server would know about the 13 root servers to start with.. Every now and then they are updated, this is the root.hints file..

            http://www.internic.net/domain/named.root

            Curious what you're doing that would require bind over just the default resolver unbound - other than as a learning exercise?

            • andrewK

              I am using it with a Redhat server running Dante Domain Manager.

              DDM is a service that allows for audio flow subscriptions across subnets along with a few other bells & whistles.

              When using DHCP for audio appliances DDM requires custom zone records for DNS. I assume that's why the parent company (Audinate.com) tells us to use BIND with pfSense.

              This is in support of a broadcast facility.
              I, along with thousands of other audio engineers, have a need to become IT guys to stay relevant.

              Thanks again for the help.

              ~A

              • johnpoz LAYER 8 Global Moderator

                Ah ok - thanks for the details.. Kills that curiosity kat that's always getting me in trouble ;)

                • Gertjan @andrewK

                  @andrewK said in BIND DNS recursion points to what by default?:

                  at the very least those 13 IPs stored in system by default...?

                  On most of my Debian systems I have a file in /etc/bind9/ that lists these servers :

                  db.root :

                  .....
                  ; FORMERLY NS.INTERNIC.NET 
                  ;
                  .                        3600000      NS    A.ROOT-SERVERS.NET.
                  A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
                  A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
                  ; 
                  ; FORMERLY NS1.ISI.EDU 
                  ;
                  .                        3600000      NS    B.ROOT-SERVERS.NET.
                  B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
                  B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
                  ; 
                  ; FORMERLY C.PSI.NET 
                  ;
                  .                        3600000      NS    C.ROOT-SERVERS.NET.
                  C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
                  C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
                  etc.
                  ....
                  

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??
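
A sanity check for a root hints file in the db.root layout shown above, as an added example that is not part of the original posts: it parses the NS/A/AAAA records and flags malformed addresses and root servers left without a usable address. The names `parse_hints` and `SAMPLE_HINTS` are assumptions made here, the sample is constructed (its last AAAA value is deliberately malformed), and the four-field layout without a class column is assumed.

```python
import ipaddress

# Constructed sample in root-hints layout; the last AAAA value is
# deliberately malformed and D has no address records at all.
SAMPLE_HINTS = """\
; FORMERLY NS.INTERNIC.NET
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::cl:
.                        3600000      NS    D.ROOT-SERVERS.NET.
"""

def parse_hints(text):
    """Return (servers, problems): servers maps each root NS name to its
    validated addresses; problems lists (line number, reason) pairs."""
    servers, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:                     # assumed: owner ttl type rdata
            problems.append((lineno, "expected 4 fields"))
            continue
        owner, _ttl, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype == "NS" and owner == ".":
            servers.setdefault(rdata.upper(), [])
        elif rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                addr = None
            if addr is None or addr.version != (4 if rtype == "A" else 6):
                problems.append((lineno, f"bad {rtype} address {rdata!r}"))
            elif owner.upper() not in servers:
                problems.append((lineno, f"glue for undeclared server {owner}"))
            else:
                servers[owner.upper()].append(str(addr))
        else:
            problems.append((lineno, f"unexpected record type {rtype}"))
    # A root server named by NS but left without an address is a dead hint.
    problems += [(0, f"no address for {n}") for n, a in servers.items() if not a]
    return servers, problems

if __name__ == "__main__":
    print(parse_hints(SAMPLE_HINTS))
```

Line number 0 in the problem list marks a file-level finding rather than a specific line.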
