Forward zone, stub zone, or delegation?
- When a forward zone is configured, BIND sends a recursive query to the forwarders and waits for an answer. If the forwarder does not allow recursion, and it is needed to resolve the query, the query will fail.
- With a forward zone, the forwarder "performs the work" when resolving the query.
- When a stub zone is used, BIND sends an iterative (non-recursive) query to one of the name servers in the stub zone. BIND will continue to send iterative queries to resolve the query.
- With a stub zone, the BIND server "performs the work" when resolving the query.
- BIND uses both UDP 53 and TCP 53 when populating a stub zone, even if the master name server allows EDNS. BIND uses UDP 53 when querying the SOA record for the zone, and TCP 53 when transferring the NS records and A glue records. I find this surprising as IXFR and AXFR aren't involved.
- BIND will check the stub server(s) at the SOA REFRESH interval for any changes to the SOA, NS, and A glue records.