How to configure bind9 to iteratively resolve recursive requests, starting with a dns root server?
I would like to know how to configure bind9 to resolve all DNS requests given to it iteratively starting with a root server.
My goal with this is to set up bind9 as a DNS resolver in my local network, however my preferences are rather specific in that I do not wish to trust any external recursive resolver, be it Google's 8.8.8.8 or any of the sort. I would like my recursive resolver to resolve an A query for, let's say, test.example.com as follows:
1. ask a root server for the NS entry for .com
2. ask the server given by 1. for the NS entry for example.com
3. ask the server given by 2. for the NS entry for test.example.com
4. ask the server given by 3. for the A entry for test.example.com
(I am not entirely sure but from what I understand this scheme is called iterative resolving?)
Ideally I want the intermediary servers to know as little as possible on what domain I am actually querying and preferably as many requests as possible should be made using DNSSEC. Caching of all these entries is desired, but not required.
Sidenote: My network does not support IPv6.
I know that this kind of resolver is probably going to be slower than 8.8.8.8, but for me this loss in performance is negligible/acceptable.
I did not find instructions on how to configure bind9 to perform requests exactly this way.
Is it even possible to configure bind9 this way or do I have to write my own resolver from scratch?
If it is possible could someone post a snippet of /etc/bind/named.conf.options that makes this possible or points me in the right direction. I am also open to any alternatives that will serve my purpose.
In case it matters I am using Ubuntu 16.04 LTS (Armbian Linux)
dns bind bind9
edited Apr 19 at 17:39 by Jeff Schaller
asked Apr 19 at 17:33 by UXELDUXEL
This is bind's default behaviour unless you provide forwarders.
– user996142 Apr 19 at 17:42
It appears nobody talked about this, because it indeed is the default configuration. I expected the default configuration to just forward the DNS requests to whatever server the system was configured to use in resolv.conf. Thank you for pointing this out.
– UXELDUXEL Apr 19 at 17:52
bind is not "proxy dns" like "pdnsd": it is real DNS used by many ISPs, and since all DNS clients (except dig recursive) are not recursive, bind does recursive resolving starting from named.root. It is covered in "DNS and BIND" book
– user996142 Apr 19 at 18:30
It's a fair question. It would be worth creating an answer that explains it's the default OOTB configuration, to help future readers.
– roaima Apr 19 at 23:00
1 Answer
2 votes, accepted
It appears I did not do my homework properly: as pointed out in the comment by user996142, this is indeed the default configuration for bind9.
answered Apr 19 at 17:53 by UXELDUXEL
... except for the query minimization that you asked for, which BIND does not do currently.
– JdeBP Apr 21 at 8:00
@JdeBP See isc.org/blogs/bind-to-add-qname-minimization : "We will be adding QNAME minimization in the next major version of named."
– Patrick Mevzek Apr 24 at 0:14
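The distinction drawn in the comments above, as an added example (not code from the post or from BIND): a constructed delegation tree is walked from the root twice, once sending the full question at every step as a classic iterative resolver does, and once with QNAME minimisation, which is the four-step scheme listed in the question. The zone data and all function names are assumptions made for the illustration.

```python
# Constructed delegation tree (not real DNS data): each zone maps to the
# child zones it delegates. example.com. is authoritative for test.example.com.
DELEGATIONS = {
    ".": ["com."],
    "com.": ["example.com."],
    "example.com.": [],
}

def ancestors(qname):
    """'test.example.com.' -> ['com.', 'example.com.', 'test.example.com.']"""
    parts = qname.rstrip(".").split(".")
    return [".".join(parts[i:]) + "." for i in range(len(parts) - 1, -1, -1)]

def resolve(qname, qtype="A", minimise=False):
    """Walk the delegation chain from the root.

    Returns what each zone's servers are shown, as a list of
    (zone_queried, name_sent, type_sent) tuples.
    """
    seen, zone = [], "."
    for name in ancestors(qname):
        if minimise:
            # Reveal only one label more than the zone being asked.
            seen.append((zone, name, "NS"))
        if name in DELEGATIONS[zone]:
            if not minimise:
                # Without minimisation the referral is obtained by
                # sending the complete original question.
                seen.append((zone, qname, qtype))
            zone = name  # follow the zone cut
    # The real question goes only to the authoritative zone's servers.
    seen.append((zone, qname, qtype))
    return seen

def exposure(trace):
    """Map each zone to the set of names its servers were shown."""
    out = {}
    for zone, name, _ in trace:
        out.setdefault(zone, set()).add(name)
    return out

if __name__ == "__main__":
    for mode in (False, True):
        print("minimised" if mode else "full QNAME")
        for zone, name, rtype in resolve("test.example.com.", minimise=mode):
            print(f"  ask {zone:<13} for {rtype:<2} {name}")
```

With the full question sent at every step, the root and com. servers both see test.example.com.; with minimisation the root sees only com. and the com. servers see only example.com.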