Forward Zone

Mathias Körber mathias at koerber.org
Wed Nov 8 14:02:07 UTC 2000


> I understand forwarding in say the type master zone, but what is
> the purpose
> of it in a type forward zone?  Doesn't a forward zone just forward
> everything?  If so what is the need for the forward (first | only) option.
> I am just looking at this for a forward zone.

A type forward zone is not an authoritative zone in the sense that
a master or slave zone is. Instead, using this configuration, you
can fine-tune forwarding of data in certain domains as per your needs:

a) You could send queries for different domains to different forwarders:

	zone "domain1.example" {
		type forward;
		forwarders { d1fwd; } ;
		};

	zone "domain2.example" {
		type forward;
		forwarders { d2fwd; } ;
		};

b) You can override a global forwarder setting:

	options {
		forwarders { myfwdrs; };
		};

	zone "special.example" {
		type forward;
		forwarders { spec-fwdrs; };
		};

	In this case, all queries will go to the normal forwarders,
	except those for anything in special.example; they go to
	the special fwdrs (maybe because you know these are authoritative
	and the delegation for that zone is flaky).

	zone "other.example" {
		type forward;
		forwarders { none; } ;
		};

	Queries for records in the domain other.example will NOT
	go through forwarders, so your nameserver will have to handle the
	lookup via the roots itself. This might be needed if your forwarders
	consistently handle that domain wrongly (I can't think of a reason why they
	should, but one never knows).

The forward (first | only) option controls whether your nameserver will
consider a timeout on a query to the forwarders as final, or will try on its own
by following the root-delegation (maybe your nameserver is not affected by
a network outage, but the forwarders are).
Note that an NXDOMAIN reply from the forwarder will be final in any case. BIND
will not try for itself even if forward first is selected. Fallback
only applies to timeouts etc.

All of these can come in very handy if
	- you have split DNS with internal and external zones.
	- you have special needs to bypass the delegation for certain
	  zones (e.g. because you need to resolve an internal copy
	  of someone else's DNS, and the public delegation only points to
	  their public copy). This way you directly point your nameserver
	  to their internal nameserver (so long as you have a path to that
	  of course).

I hope this helps.



>
> Syntax for a forward zone is defined as the following:
>
> zone domain_name [ ( in | hs | hesiod | chaos ) ] {
>   type forward;
>   [ forward ( only | first ); ]
>   [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
>   [ check-names ( warn | fail | ignore ); ]
> };
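
The forwarding decision described in the reply above, modelled as an added example (not part of the original post and not BIND's own code): it picks the most specific forward zone for a query name, then applies the timeout and NXDOMAIN rules, and lists zones that would fall back to the roots. The zone names, the RFC 5737 forwarder addresses, the outcome labels and the helper names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    forwarders: tuple        # empty tuple = forwarding disabled for this zone
    policy: str = "first"    # "first" or "only"

# Constructed sample configuration (addresses are documentation ranges).
GLOBAL = Forward(("192.0.2.1",), "first")               # options { forwarders ...; }
ZONES = {                                               # type forward zones
    "special.example": Forward(("198.51.100.7",), "only"),
    "corp.example": Forward(("203.0.113.5",), "first"),
    "other.example": Forward(()),                       # bypass the forwarders
}

def select(qname, zones=ZONES, default=GLOBAL):
    """Return (zone or None, Forward) for the most specific enclosing zone.
    Matching is on whole labels, so notspecial.example is not in special.example."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in zones:
            return zone, zones[zone]
    return None, default

def resolve(qname, forwarder_result, zones=ZONES, default=GLOBAL):
    """forwarder_result is what the forwarders did: 'answer', 'nxdomain' or 'timeout'.
    Returns a label saying where the final result comes from."""
    _, fwd = select(qname, zones, default)
    if not fwd.forwarders:
        return "iterate-from-roots"              # no forwarding for this name
    if forwarder_result in ("answer", "nxdomain"):
        return "forwarder:" + forwarder_result   # NXDOMAIN is final, no retry
    if fwd.policy == "first":
        return "iterate-from-roots"              # fallback applies to timeouts only
    return "servfail"                            # forward only: no fallback

def zones_with_fallback(zones=ZONES):
    """Forward zones whose queries follow the public delegation when the
    forwarders time out; worth reviewing in a split-DNS setup."""
    return sorted(z for z, f in zones.items() if f.forwarders and f.policy == "first")

if __name__ == "__main__":
    for name in ("db.corp.example", "www.special.example", "a.other.example"):
        print(name, "->", resolve(name, "timeout"))
    print("fallback on timeout:", zones_with_fallback())
```

For an internal zone in a split-DNS setup, the zones reported by `zones_with_fallback` are the ones where a forwarder timeout sends the internal name out along the public delegation, which is the case `forward only` prevents.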



