Hi Kazik. What's your definition of "secure' in this case? A lot of people use forward zones and/or global forwarding on recursive servers.
Cheers, Greg On Tue, 7 Oct 2025 at 13:51, kzkz--- via bind-users < [email protected]> wrote: > Good morning, > > I'd like to forward DNS requests in the public (internet) view for a > subdomain that is hosted on a different DNS server. > Forwarding isn't supported when the settting 'recursion no' is used. > Therefore, changing the setting to 'recursion yes' makes it possible. > > # (1) existing configuration > view "public" { > allow-query { any; }; > match-clients { any; }; > allow-recursion { none; }; > recursion no; > .... > > # (2) new configuration > view "public" { > allow-query { any; }; > match-clients { any; }; > allow-recursion { none; }; > recursion yes; > .... > > In configuration #(2) forward would be configured as follows: > zone "other.example.com" { > type forward; > forward only; > forwarders { 10.10.10.10.10; 10.10.10.20; }; > }; > > Bind is ver. bind-9.16.23 > > Will configuration #(2) be secure? > Is there any risk of security violations compared to configuration #(1)? > > Thanks, > Kazik > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list. >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
