On Tue, Aug 11, 2015 at 04:41:04PM +0100, Ralph Corderoy wrote: > > Go the programming language? I'm confused as to how that's a client of > > an authoritative server, either. > > Go implements its own resolver rather than use the local libc's, e.g. > glibc's. All of them are stub resolvers, yes, but if asked to look up > foo.bar.local and /etc/resolv.conf has only the authoritative bar.local > server in it then they get an authoritative response without a > third-party recursive resolver being involved. [ Perhaps ietf@xxxxxxxx is the wrong list for this discussion. ] Best practice is to not conflate authoritative and recursive DNS servers. If you put an authoritative rather than a recursive resolver in /etc/resolv.conf, that's a misconfiguration. I have a recursive resolver on 127.0.0.1:53 and an authoritative nameserver on <public-ip>:53. The /etc/resolv.conf file lists only the recursive server on the loopback address. The authoritative server refuses recursive queries. -- Viktor.