Netgate Discussion Forum

BIND DNS recursion points to what by default?

  • A
    andrewK
    last edited by andrewK May 3, 2020, 8:22 AM May 3, 2020, 8:12 AM

    I just upgraded to a SG-3100 and am more-or-less recreating what I had on my SG-1100's.

    I am using BIND for local DNS resolving and I was using recursion to enable local hosts to reach the internet when needed. I just turned it on and set the ACL and it all worked. That was with the SG-1100's.

    Now I can't get recursion working on the SG-3100 but I'll start with something I've been wondering for a while...

    By default, where does recursion look when the DNS server knows nothing about a domain? Part of me just figured that perhaps it looks to the DNS server addresses I've set up for the pfSense system itself...? e.g. 8.8.8.8.

    Obviously there's a field to enter IPs for forwarding but not for recursion...?

    Thx,
    A

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by May 3, 2020, 10:38 AM

      A resolver walks down from the root servers to find the authoritative ns of whatever domain you're looking for..

      https://www.iana.org/domains/root/servers

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • A
        andrewK
        last edited by May 3, 2020, 5:36 PM

        Right, right... thanks.

        So I suppose that means that all such servers have, at the very least those 13 IPs stored in system by default...?

        One more question:
        Does enabling forwarding on BIND make the server forward off ALL requests? Or, similar to recursion, does it only outsource when it doesn't have authoritative info?

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz May 3, 2020, 7:03 PM May 3, 2020, 7:01 PM

          It would only forward what it's not authoritative for..

          Yes any such dns server would know about the 13 root servers to start with.. Every now and then they are updated, this is the root.hints file..

          http://www.internic.net/domain/named.root

          Curious what you're doing that would require bind over just the default resolver unbound - other than learning exercise?

          • A
            andrewK
            last edited by andrewK May 3, 2020, 8:09 PM May 3, 2020, 8:04 PM

            I am using it with a Redhat server running Dante Domain Manager.

            DDM is a service that allows for audio flow subscriptions across subnets along with a few other bells & whistles.

            When using DHCP for audio appliances DDM requires custom zone records for DNS. I assume that's why the parent company (Audinate.com) tells us to use BIND with pfSense.

            This is in support of a broadcast facility.
            I, along with thousands of other audio engineers, have a need to become IT guys to stay relevant.

            Thanks again for the help.

            ~A

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by May 3, 2020, 8:16 PM

              Ah ok - thanks for the details.. Kills that curiosity kat that's always getting me in trouble ;)

              • G
                Gertjan @andrewK
                last edited by Gertjan May 4, 2020, 8:56 AM May 4, 2020, 8:55 AM

                @andrewK said in BIND DNS recursion points to what by default?:

                at the very least those 13 IPs stored in system by default...?

                On most of my Debian systems I have a file in /etc/bind9/ that lists these servers :

                db.root :

                .....
                ; FORMERLY NS.INTERNIC.NET 
                ;
                .                        3600000      NS    A.ROOT-SERVERS.NET.
                A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
                A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
                ; 
                ; FORMERLY NS1.ISI.EDU 
                ;
                .                        3600000      NS    B.ROOT-SERVERS.NET.
                B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
                B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
                ; 
                ; FORMERLY C.PSI.NET 
                ;
                .                        3600000      NS    C.ROOT-SERVERS.NET.
                C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
                C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
                etc.
                ....
                

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
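
A recursive resolver trusts whatever its hints file lists as the starting point, so the file is worth checking after an edit or a copy between systems. The sketch below is an added example, not code from any poster in this thread or from BIND: it parses text in the db.root layout quoted above and reports unparsable addresses and root servers missing an A or AAAA record. The sample data, the function names and the four-column assumption (no class column) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the db.root layout quoted above (owner, TTL, type, data).
# The last AAAA value is deliberately malformed to show what the check reports.
SAMPLE_HINTS = """\
; constructed sample, not a complete hints file
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::zz
"""

def parse_hints(text):
    """Return (root server names, {name: [addresses]}, [(line, problem)])."""
    servers, glue, errors = [], defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # strip comment, split columns
        if not fields:
            continue
        if len(fields) != 4:                    # assumes no class column
            errors.append((lineno, "expected 4 columns"))
            continue
        owner, _ttl, rtype, rdata = fields
        if rtype == "NS" and owner == ".":
            servers.append(rdata.upper())
        elif rtype in ("A", "AAAA"):
            # The record type fixes the address family the data must parse as.
            cls = ipaddress.IPv4Address if rtype == "A" else ipaddress.IPv6Address
            try:
                glue[owner.upper()].append(cls(rdata))
            except ValueError:
                errors.append((lineno, f"bad {rtype} address {rdata}"))
        else:
            errors.append((lineno, f"unexpected record type {rtype}"))
    return servers, dict(glue), errors

def missing_glue(servers, glue):
    """Map each root server to the IP versions it has no address for."""
    gaps = {}
    for name in servers:
        lacking = sorted({4, 6} - {a.version for a in glue.get(name, [])})
        if lacking:
            gaps[name] = lacking
    return gaps
```

Running `parse_hints` on the file shipped with the resolver and comparing the result with the copy published at the internic.net URL given earlier in the thread shows whether the local hints have drifted or been altered.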
