newbie question: forwarders vs. root cache

[Kevin Darcy]

cmukai at pacbell.net wrote:

> What specifically is the difference between using the forwarders option in the
> named boot file, and specifying name servers for the root cache? Thanks in
> advance.

Forwarding says "anything I don't know explicitly, I'll go and ask this other
specific set of nameservers about".

A root cache file (in non-obsolete versions of BIND, this is referred to as a
"hints" file) says "here's where to find the root servers. I'll ask them
*initially* about any name I don't know about explicitly, and then cache referral
information I learn and use this to short-circuit the name-resolution process on
subsequent queries".

So forwarding *always* locks into a specific set of servers for name resolution,
whereas non-forwarding-based resolution initially gets information from the root
servers but then subsequently goes "straight to the source(s)" (i.e. the
authoritative servers for the relevant zones) to get its answers. Forwarding is
necessary when your nameserver lacks connectivity to the authoritative
nameservers for all of the zones you might be querying (e.g. if you're behind a
restrictive Internet firewall and need to look up arbitrary Internet names). When
you have full connectivity, the only real reason to use forwarding is to enhance
query performance and whether it does this or not depends on caching
considerations, one's own network setup, one's clients' query patterns, etc. and
is frequently a source of disagreement among DNS administrators. Personally, I'm
in the anti-forwarding camp, and this bias may be reflected in the description
above...

Note also that in later versions of BIND 8, and in BIND 9, forwarding can be
configured on a "zone" level (it is more technically correct to describe this as
per-domain forwarding however) instead of the "global" forwarding which is the
only form of forwarding possible in named.boot, i.e. with a BIND 4 nameserver.


- Kevin