are there any benefits?

Dave Barr barr at visi.com
Wed Aug 11 18:53:33 UTC 1999


In article <4084.934395381 at kludge.mpn.cp.philips.com>,
Jim Reid  <jim at mpn.cp.philips.com> wrote:
>No. It's probably more bother than it's worth. Personally, I prefer
>name servers to find things out for themselves by following NS records
>instead of blindly forwarding queries to another name server. There
>are some circumstances when forwarding might help - dial-up links to
>the Internet for instance - but I doubt if these apply here.

Hm.. I have a different experience.  I come from largish sites
with many "internal" nameservers serving separate sub-domains all
behind a common Internet connection.  (a typical example is
a Big 10 university.)

There are two things in my mind which make a clear and convincing
argument to use forwarders religiously:

At one site in particular, their Internet connection was quite
flaky.  When the connection was down, I noticed that after some period
of time, resolution of any names of other sister subdomains would
fail.  The reason?

The cached NS records for the university.edu domain had expired,
forcing the local nameserver to go out to the top level to get new ones.
Not being smart enough to ask the nameserver across the street, it
tried and failed.  The result?  Mail across campus stopped,
even though the only thing down was the external Internet link.
Switching to have forwarders lines on all nameservers to point to
the central campus servers fixed that.  Extending the TTLs on
the NS records could have helped to a point, but wouldn't have
solved the problem.

The other convincing argument along these grounds was that
with all the department and college level nameservers asking the
university nameserver(s) first before going out to the Internet,
that nameserver built up a rich and valuable cache.  DNS response
times for external resolutions fell, especially for smaller sites
with small caches of their own.

I stopped to think about what the downfalls could be to having
forwarders, and found none.  If the central servers are down,
it's just one of the many NS records it would look up and BIND
will adjust its RTT so they don't get used in future lookups
until they're back up.   (Of course I could have forced it with
'slave', but as the other nameservers could reach the Internet
there was no point.)

--Dave
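
The setup described in the post above, sketched as an added example that is not part of the original message or of any site's real configuration: a departmental server's `named.conf` in BIND 8/9 syntax. The addresses and the directory path are placeholders, with 192.0.2.53 and 192.0.2.54 standing in for the central campus nameservers.

```conf
// named.conf on a departmental nameserver (BIND 8/9 syntax).
// 192.0.2.53 and 192.0.2.54 are placeholder addresses (documentation
// range) standing in for the central campus nameservers.
options {
    directory "/var/named";    // placeholder path

    // Send queries this server cannot answer from its own zones or
    // cache to the central campus servers first. They stay reachable
    // when the external link is down, and they accumulate one shared
    // cache for external names.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // "first" is the default once forwarders are set: if no forwarder
    // answers, the server falls back to resolving on its own from the
    // root hints.
    forward first;

    // "only" disables that fallback, so the server never iterates by
    // itself. This is the named.conf equivalent of the older 'slave'
    // directive mentioned in the post. Use it where the departmental
    // server must not, or cannot, reach the Internet directly.
    // forward only;
};
```

On BIND 9, `named-checkconf` will validate the file before the server is reloaded.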

