How to Disable External DNS recursion?

dns bind

Solution 1:

You can enable recursion for some clients and disable recursion for others using views, but it is not recommended because you will lose some of the advantages of turning off recursion in the first place. You should use different nameservers for recursive resolution and authoritative service. (The two servers could run on the same machine if necessary.) Still, here's how to do it:

// global options apply to external clients
options {
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
};

view "local" in {
    // view options enable recursion only for local clients
    match-clients { 172.16.45.80/23; 192.168.12.0/24; 127.0.0.1/8; ::1; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
            type hint;
            file "/etc/bind/db.root";
    };

    // put definitions for zones like "localhost" and "127.in-addr.arpa" here
}

// put definitions for real authoritative zones here.

As for the question in your last sentence, "what process will be performed by the BIND resolve the name request? Iterative or Inverse?", I do not understand the question. A nameserver configured not to offer recursive service will simply refuse to answer recursive queries.

Related

Move running program to background in bash
Read-only filesystem
Digital Audio Workstation: alternatives to Logic Pro or Cubase for Ubuntu?
What is the difference between Ubuntu, Kubuntu, Xubuntu and Lubuntu restricted extras/addons?
how to write wrapper for 'allocate'
Generate bitmap from HTML in Android
Make mp3 seekable PHP
Play alert sound (same as default message ringtone)
Use of the String(String) constructor in Java [duplicate]
Cancelling boost asio deadline timer safely
Parsing CSS by regex
Sorting a tuple that contains tuples