DNS - disabling recursion

Mikdilly Member Posts: 309
From mspress book for 291, chapter on configuring dns infrastructure, it goes over the tabs in the properties of the dns server, the forwarder tab has the option to disable recursion. Book says 'subsequent fallback recursion that occurs at the local dns server is usually redundant and delays an inevitable query failure message response.'
Why would the local dns server fail to resolve a name if it has root servers in its root hints file? Wouldn't it always have a way to resolve a name by forwarding a query to a root server?

Comments

  • royal Member Posts: 3,352
    Do you know what recursion is? It's the ability for a DNS server to go fetch a DNS record from a client query. In essence, it goes and resolves from a client request. If you disable it, it won't use root hints or forwarders to go try to get the response back for the client. If the client is configured for iteration (they are by default), and makes a request to a DNS server that has recursion disabled, the client will perform iteration to go fetch the records themselves. The DNS server will provide referrals to allow the client to do iteration.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • dynamik Banned Posts: 12,312
    The first thing that comes to mind is if the network isn't connected to the internet or you configured the DNS server to be a root server (high security environment for example). Either way, it's not going to be able to resolve anything that it doesn't have locally, so disabling recursion will save some time.
  • Mikdilly Member Posts: 309
    The book gives the impression that if an upstream forwarder is down that the local dns server will inevitably fail to resolve queries, but why would it if it has the root hints file. Why disable recursion if it has fault tolerance through the root hints file? I get that you won't need it if it's not connected to the internet or is acting as a root server.
  • royal Member Posts: 3,352
    Depends on what you want to do. Forwarders are always tried first and then root hints.

    Want root hints gone but still use a forwarder? Add a . zone.
    Want to disable forwarders but still use root hints? Don't use forwarders
    Want to disable all recursion? Disable recursion on the Advanced Tab.
    Want to use forwarders but not root hints afterwards? Use a forwarder so your server ends up sending an iterative query to the server displayed on the forwarder list which will then do recursion. And then if that fails, your server won't attempt recursion on its own.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Mikdilly Member Posts: 309
    "Depends on what you want to do. Forwarders are always tried first and then root hints."

    If this is the case, then when the forwarder is down, what does the book mean by 'subsequent fallback recursion that occurs at the local dns server is usually redundant and delays an inevitable query failure message response'?

    If the dns server is not a root server and is connected to the internet and falls back to recursion using the root hints file it won't be redundant and won't inevitably fail, right?
    Don't mean to be thick about this but it seems confusing the way the book describes it.
  • royal Member Posts: 3,352
    Probably means that if your forwarder fails then it's probably because the FQDN that the client is trying to get back just doesn't exist. So if the forwarder fails, the DNS server looking to root hints will probably fail also (which is true). Hence why disabling recursion on a specific forwarder was created. So you don't have that redundant failure but the option is still there to do one last check on its own before sending a negative answer back to the client.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Mikdilly Member Posts: 309
    Thanks, that clears it up.
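
An added example, not part of the thread or the book: a read-only PowerShell check that reports which of the recursion and forwarder configurations discussed above a Windows DNS server is actually running. It assumes the DnsServer module (Windows Server 2012 or later, or RSAT); the function name Get-DnsRecursionPosture is hypothetical.

```powershell
# Added example: read-only audit of recursion / forwarder / root hint settings.
# Assumption: DnsServer module is available; nothing here changes configuration.
Import-Module DnsServer -ErrorAction Stop

function Get-DnsRecursionPosture {
    [CmdletBinding()]
    param(
        # Server to inspect; defaults to the local machine.
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Server-wide recursion switch (the "Disable recursion" option on the Advanced tab).
    $recursion = Get-DnsServerRecursion -ComputerName $ComputerName

    # Forwarder list and whether the server falls back to root hints
    # when the forwarders do not resolve the query.
    $forwarder  = Get-DnsServerForwarder -ComputerName $ComputerName
    $forwarders = @($forwarder.IPAddress | Where-Object { $_ } | ForEach-Object { "$_" })

    # Root hints may be absent, so tolerate an empty or failing lookup.
    $rootHints = @(Get-DnsServerRootHint -ComputerName $ComputerName -ErrorAction SilentlyContinue)

    $mode = if (-not $recursion.Enable) {
        'Recursion disabled server-wide: neither forwarders nor root hints are used'
    } elseif ($forwarders.Count -gt 0 -and -not $forwarder.UseRootHint) {
        'Forwarders only: no fallback to root hints when the forwarders fail'
    } elseif ($forwarders.Count -gt 0) {
        'Forwarders first, then fallback recursion via root hints'
    } elseif ($rootHints.Count -gt 0) {
        'No forwarders: recursion via root hints only'
    } else {
        'Recursion enabled, but no forwarders or root hints are configured'
    }

    [pscustomobject]@{
        ComputerName       = $ComputerName
        RecursionEnabled   = [bool]$recursion.Enable
        Forwarders         = $forwarders
        FallbackToRootHint = [bool]$forwarder.UseRootHint
        RootHintCount      = $rootHints.Count
        Mode               = $mode
    }
}

Get-DnsRecursionPosture | Format-List
```

On an internet-facing authoritative server, the first mode is the one to expect; any other result there means the server will resolve names on behalf of whoever queries it.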