[Pdns-users] PowerDNS Recursor Question

[Clint Martin]

actually,

If the PDNS server is authoritative for a zone (clint.nt in my example)
and a query comes in for a record which is not located in the zone
(bob.clint.nt for example)  the server checks it's SQL backend, doesn't
find the record, and passes the query to the recursor.  Since PDNS is
authoritative for the zone, I don't think it should pass the query to
the recursor at all, rather it should return NXDOMAIN directly.  If you
send a query with the no-recurse option, the PDNS server does return
NXDOMAIN without passing to the recursor.

make sense?

I really appreciate how responsive this list is! It's a breath of fresh
air!

Clint


-----Original Message-----
From: Norbert Sendetzky [mailto:norbert at linuxnetworks.de]
Sent: Friday, January 16, 2004 8:49 AM
To: bert hubert; Clint Martin
Cc: Pdns-Users (E-mail)
Subject: Re: [Pdns-users] PowerDNS Recursor Question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 16 January 2004 16:03, bert hubert wrote:
> On Thu, Jan 15, 2004 at 08:46:45AM -0800, Clint Martin wrote:
> > And queries to non existant hosts in the zone still result in the
> > query being passed to the recursor (although doing the query with
> > the no-recurse option does return an authoritative NXDOMAIN)
>
> Hmyes, tricky. This would hurt performance quite a lot as any
> recursive question for which no answer is available leads to a
> potentially very large number of SQL queries.
>
> I added a feature for this in 2.9.14:
>   arg().setSwitch("recursion-check-nxdomain","Set this to double
> check if recursive queries really don't exist")="";

Have I understood the problem right?
Recursing is done even if pdns is authoritive for the domain, as long 
as the recursor isn't disabled?


Norbert

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAkAIFfMACgkQxMLs5v5/7eAhngCgi8PIz+4KTeyOWCFafDmLaeBr
NhYAn3OGLvbpimWYJ3fWfsQat6yRTRh1
=KdcE
-----END PGP SIGNATURE-----