Users Want *Seamless* Solutions, Not Patchwork (was Re: Users want solutions, not buzzwords)

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Fri Aug 3 22:46:00 UTC 2001


Kevin Darcy writes:
> "Forward first" falls back to *iterative* resolution. At this point
> it's *no*different* than if it had reached the same point iteratively
> via a delegation chain.

Internal servers usually don't _have_ delegations from the parents. If
you use ``forward first,'' and if the internal servers are temporarily
unreachable, then BIND will follow the usual chain down from the roots
through the parents, and the parents will reply NXDOMAIN, exactly as I
said. The result is bounced mail.

> > Furthermore, BIND seems to blindly
> > cache incorrect data within the internal domain from external servers.
> I'm not sure what you're getting at here.

If BIND asks the .com servers about example.com and receives the
response

   example.com NS www.local.chrysler.com
   www.local.chrysler.com A 1.2.3.4

then BIND will save the www.local.chrysler.com address, even if it's
configured to ask your internal servers about *.local.chrysler.com.

---Dan
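
The caching behaviour described in the message above, as an added example that is not part of the original post and is not BIND code: a cache-acceptance check that drops records for names under a locally configured forward zone unless they came from that zone's configured servers. The function names, the internal server address 10.0.0.53 and the external server address 192.0.2.53 are constructed assumptions; the two records are the ones quoted in the message.

```python
# Added illustration, not BIND code. All function names are hypothetical.

def labels(name):
    """Split a domain name into lowercase labels; the root is the empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_zone(name, zone):
    """True if name is at or below zone (compared label by label)."""
    n, z = labels(name), labels(zone)
    return len(z) <= len(n) and n[len(n) - len(z):] == z

def governing_zone(name, forward_zones):
    """Most specific configured forward zone covering name, or None."""
    hits = [z for z in forward_zones if in_zone(name, z)]
    return max(hits, key=lambda z: len(labels(z)), default=None)

def accept_record(owner, source_zone, source_ip, forward_zones):
    """Decide whether a record from a response may enter the cache."""
    if not in_zone(owner, source_zone):
        return False  # outside the zone the answering server was asked about
    zone = governing_zone(owner, forward_zones)
    if zone is not None:
        # Local configuration names the only servers trusted for this subtree.
        return source_ip in forward_zones[zone]
    return True

def filter_response(records, source_zone, source_ip, forward_zones):
    """Keep only the records that pass accept_record."""
    return [r for r in records
            if accept_record(r[0], source_zone, source_ip, forward_zones)]

# Constructed configuration: the internal server address is a placeholder.
FORWARD_ZONES = {"local.chrysler.com": {"10.0.0.53"}}

# The response from the message, as (owner, type, data) tuples.
RESPONSE = [
    ("example.com", "NS", "www.local.chrysler.com"),
    ("www.local.chrysler.com", "A", "1.2.3.4"),
]

if __name__ == "__main__":
    # 192.0.2.53 stands in for a .com server (constructed address).
    for rec in filter_response(RESPONSE, "com", "192.0.2.53", FORWARD_ZONES):
        print("cache:", rec)
```

A plain bailiwick check alone would keep the A record, since www.local.chrysler.com is below .com; the forward-zone lookup is what rejects it.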

