Hi Carlos, You could setup example.org and my.example.org as type "mirror" (https://bind9.readthedocs.io/en/v9.18.36/reference.html#namedconf-statement-type%20mirror) if you are able to allow a zone transfer to your recursive nameserver from 1.1.1.1 and 2.2.2.2. If you can't, then perhaps type "stub" could work: https://bind9.readthedocs.io/en/v9.18.36/reference.html#namedconf-statement-type%20stub
Thank you, Darren Ankney On Tue, Oct 7, 2025 at 8:36 AM Carlos Peon Costa <[email protected]> wrote: > > I'd like to share this scenario: > > * Domain "example.org" is hosted on name server 1.1.1.1 > * This domain has a subdomain "my.example.org" delegated to 2.2.2.2 > through regular NS glue records > * To allow my bind nameserver know "example.org" domain I set a > per-domain forwarding: > zone "example.org" { type forward; forwarders { 1.1.1.1; }; }; > > I've found that if I query "my.example.org" to my bind nameserver it > forwards the query to the appropriate nameserver 1.1.1.1 *with* the RD > flag, but if 1.1.1.1 has no connection with 2.2.2.2 the query will > fail. The point is that if the RD flag were disabled 1.1.1.1 would > reply with the authoritative nameserver 2.2.2.2 and bind could reach > this one and solve the query. > > RD flag must be set for global forwarders but I'm wondering if it > makes sense to add a configuration option to allow set/unset RD flag > in per-domain forward configurations. > > Regards, > Carlos. > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
