- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Iterative lookups on client
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2022 10:27 AM
I have a domain, example.com, which has a delegated subdomain sub.example.com. However, recursion is turned off for the Infoblox server hosting example.com.
Should clients iterate if they request host.sub.example.com? Or do they just end up with an NXDOMAIN, which seems wrong to me? I can't seem to find any definitive answers. Thanks.
-deo
Re: Iterative lookups on client
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2022 10:59 AM
Thank you for your DDI inquiry. We’re looking into it and will respond as soon as possible. Thank you for your patience.
Best regards,
Bob Rose
Principal Product Marketing Manager
Infoblox NIOS DDI & Value-Added Services
M: +1 360.584.8360 | My I.D.TM is 7553<>
Secure, Cloud-First Network Experience
[Shape Description automatically generated with medium confidence]
Re: Iterative lookups on client
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2022 11:41 PM
Hi,
here i will assume that there's no configuration issue. basically stub resolver will not do iterative query when you have delegation zone, this is because when you did query from a pc/stub the rd (recursion desired) flag is set to 1, it will cause when it gets referal response it will not do the iterative query.
if you need to test the delegation zone than you need a resolver dns / LDNS (local DNS), the reason is the rd flag in LDNS is set to 0, this will make the resolve will do iterative query when it gets referral answer such delegation zone. and you also can do packet capture in LDNS so you can see how it works.
Thanks
Re: Iterative lookups on client
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2022 10:11 AM
I’ve presented your inquiry to our Infoblox DDI SMEs (DDI Architects, Product Managers, and Principal Solution Architects (SAs)) and here’s their guidance:
If the client in question is a stub resolver and it's configured to query the Infoblox DNS server hosting example.com, it should get a referral back (to the DNS servers for sub.example.com). Most stub resolvers can't follow referrals, so they'll just return an error (but not NXDOMAIN, which wouldn't be accurate).
Here are some additional comments concerning:
A Client:
It wouldn’t do iterative queries.
An Internal DNS Environment:
You’d have to enable recursion for it to work (and it’s recommended to use forwarding rather than delegation in that use case).
An External DNS Environment:
In this (Internet-facing) environment, there would certainly be a recursive resolver between the client and your DNS servers, and that recursive resolver would be able to follow the referral to the delegated server.
We hope this helps answer your inquiry. Please advise if you have any further questions or contact your Account Team Solution Architect for further information. Thank you for being part of the Infoblox DDI Community.
Best regards,
Bob Rose
Principal Product Marketing Manager
Infoblox NIOS DDI & Value-Added Services
M: +1 360.584.8360 | My I.D.TM is 7553<>
Secure, Cloud-First Network Experience
[Shape Description automatically generated with medium confidence]
Re: Iterative lookups on client
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2022 11:12 AM
Thanks. This is what I was looking for.