Recursion and internal dns

  • Thread starter Thread starter NetGear
  • Start date Start date
N

NetGear

Hi,

I have a mixed mode domain. The W2k AD server is an AD integrated dns server
and the secondary is BIND 9.2.1.

My AD domain name is is the same as my official DNS domain name (e.g.
ourcompany.com) and the dns servers are configured to use forwarders for
external name resolution. Everything works fine.

However, I wonder that should I disable recursion on my name servers or is
it wise or even necessary to keep it enabled?
 
In
NetGear said:
Hi,

I have a mixed mode domain. The W2k AD server is an AD integrated dns
server and the secondary is BIND 9.2.1.

My AD domain name is is the same as my official DNS domain name (e.g.
ourcompany.com) and the dns servers are configured to use forwarders
for external name resolution. Everything works fine.

However, I wonder that should I disable recursion on my name servers
or is it wise or even necessary to keep it enabled?
Click to expand...

If you disable recursion, DNS will no longer use its forwarders or root
hints. That means it won't answer if it is not in its zones.
So I would say if you need external resolution, you need recusion enabled.
 
I have a mixed mode domain.

So you still have some NT BDCs?
The W2k AD server is an AD integrated dns server
and the secondary is BIND 9.2.1.
Click to expand...

Perfectly ok.
My AD domain name is is the same as my official DNS domain name (e.g.
ourcompany.com) and the dns servers are configured to use forwarders for
external name resolution. Everything works fine.
Excellent.

However, I wonder that should I disable recursion on my name servers or is
it wise or even necessary to keep it enabled?
Click to expand...

We have to be careful about terminology here, as there are TWO settings to
prevent "recursion" in the DNS MMC:

1) Advanced property -- Disable Recursion
(this one has been amended to say, "Including Forwarding" in
Win2003
2) On the forwarding Tab: Do not use recursion.

#1 disable the support for ALL RECURSIVE queries -- stops forwarding and
actual recursion both. (Don't use it if you want to resolve the Internet
namespace)

#2 Disables only the ACTUAL recursion from the root down (of the Internet
usually)
and leaves the Forwarding and handling of recursive queries through this
forwarding
active.

Use #2 if you have a reliable forwarder, only one internal Domain, and do
not want
your internal DNS servers to "visit the entire world of the Internet" (e.g.,
badhackers.com)
 
I would recommend against disabling recursion. As described by the other posts, this will usually cause name resolution problems.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Back
Top