You can enable the appliance to respond to recursive queries and create a list of allowed networks, IP addresses, and remote servers that present specified TSIG (transaction signature) keys. When using TSIG keys, it is important that the appliances and servers involved with the authentication procedure use NTP (Network Time Protocol) for their time settings (see Using NTP for Time Settings).
A recursive query requires the appliance to return requested DNS data, or locate the data through queries to other servers. When a NIOS appliance receives a query for DNS data it does not have and you have enabled recursive queries, it first sends a query to any specified forwarders. If a forwarder does not respond (and you have disabled the Use Forwarders Only option in the Forwarders tab of the Member DNS Properties editor), the appliance sends a non-recursive query to specified internal root servers. If no internal root servers are configured, the appliance sends a non-recursive query to the Internet root servers. For information on specifying root name servers, see About Root Name Servers.
You can enable recursion for a Grid, individual Grid members, and DNS views. For information about enabling recursion in a DNS view, see Configuring a DNS View. If you do not enable recursion, the appliance denies recursive queries from all clients.

...

By default, the appliance can serve up to 1,000 outstanding recursive client queries. You can change this default value according to your business needs. After you configure the recursive client queries limit, you can enable the appliance to send SNMP traps for recursive queries. Enabling SNMP traps for recursive clients can help you identify possible flood attacks on the DNS recursive server. The appliance sends SNMP traps when the number of recursive client queries exceeds the configured thresholds. For information about how to set the threshold and reset values, see Defining Thresholds for Traps.

  1. From the Data Management tab, select the DNS tab and click the Members tab -> member checkbox -> Edit icon.
  2. In the Member DNS Properties editor, click Toggle Advanced Mode.
  3. When the additional tabs appear, click the Advanced subtab of the Queries tab.
  4. Select the Limit number of recursive clients to option and enter a number. By default, the appliance is allowed to serve up to 1000 concurrent clients that send recursive queries. You can change this default according to your business needs to a value between 0 and 40000.
  5. Save the configuration and click Restart if it appears at the top of the screen.

...

Only DNS members with recursion enabled can support this feature. You can enable this feature at the Grid level and override it at the member level for members with recursion enabled. For information on enabling recursion for a Grid or member, see Enabling Recursive Queries.
Note: DNS fault tolerant caching does not work when you set the DNS Resolver Type to Unbound.

...