Root Hints or Forwarding - Design Question

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 3 01:54:26 UTC 2002


Jeff LoSpinoso wrote:

> We are deploying DNS servers to all of our worldwide head
> offices. The intention is for each DNS server to provide stand-alone
> internal resolution, that is, it will run a copy of all internally used
> zones.
>
> For external internet resolution, some seem to think that we should
> configure each DNS server to forward to its local ISP's DNS servers,
> others feel that it's best to not use forwarding and allow the
> Root-Hints to work its magic.
>
> Any arguments either way would be appreciated.

As a general matter, I tend to be against forwarding, since it creates
too many inter-machine dependencies (thus making it architecturally
"brittle" -- as Cricket puts it -- or, in other words, non-robust) for my
tastes, and usually doesn't perform well because of the extra latency
introduced. However, there are doubtless some network
topologies/architectures where it makes a lot of sense to use forwarding.
I would run some real-world tests and analyze the results -- looking at
both the average query time and the worst-case time, and giving
appropriate weight to each -- to see if forwarding makes sense in your
environment. Try to come up with some decent test data, though; both the
query mix and the query timing affect the relative performance of
forwarding versus root-hints architectures because of the effects of
caching, the TTLs on the records, etc. If it were me, I'd grab the
actual query logs from my nameservers and use them to "replay" a whole
day's worth of queries...


- Kevin
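
An added example, not part of the original post and not BIND code: one way to run the replay test suggested above, keeping the logged query mix and timing and reporting both average and worst-case latency. The query-log layout, the sample lines and all function names are assumptions made for illustration.

```python
import random, re, socket, struct, time
from datetime import datetime
# Constructed sample lines; the layout (timestamps enabled) is an assumption.
SAMPLE_LOG = """\
03-Apr-2002 01:54:26.100 client 10.1.1.5#1025: query: www.example.com IN A
03-Apr-2002 01:54:26.350 client 10.1.1.9#1031: query: example.org IN MX
03-Apr-2002 01:54:27.100 client 10.1.1.5#1026: query: www.example.com IN A
"""
LINE = re.compile(r"^(\S+ \S+) client \S+ query: (\S+) IN (\S+)")
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}

def parse_log(text):
    """Return [(seconds_since_first_query, qname, qtype), ...]."""
    hits = [m.groups() for m in map(LINE.match, text.splitlines()) if m]
    times = [datetime.strptime(ts, "%d-%b-%Y %H:%M:%S.%f") for ts, _, _ in hits]
    return [((t - times[0]).total_seconds(), n, q) for t, (_, n, q) in zip(times, hits)]

def build_query(qid, name, qtype):
    """Encode a recursion-desired DNS query for name/qtype, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".") if p)
    head = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    return head + labels + b"\0" + struct.pack(">HH", QTYPES[qtype], 1)

def udp_resolver(server, timeout=5.0):
    """Return a callable that sends one query to `server` and waits for its reply."""
    def resolve(name, qtype):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, 53))  # connected socket: only this server's replies count
            s.send(build_query(random.randrange(65536), name, qtype))
            s.recv(4096)  # a timeout raises OSError, which replay() records
    return resolve

def replay(rows, resolve, sleep=time.sleep, clock=time.perf_counter):
    """Replay at the logged pace; return per-query latency (None = failed)."""
    start, out = clock(), []
    for offset, name, qtype in rows:
        sleep(max(0.0, offset - (clock() - start)))  # keep the original spacing
        t0 = clock()
        try:
            resolve(name, qtype)
            out.append(clock() - t0)
        except (OSError, KeyError):  # timeout, network error or unsupported type
            out.append(None)
    return out

def summarize(latencies):
    ok = [x for x in latencies if x is not None]
    return {"avg": sum(ok) / len(ok) if ok else None,
            "worst": max(ok, default=None), "failed": len(latencies) - len(ok)}
```

Run `summarize(replay(parse_log(text), udp_resolver(addr)))` once against a test server configured for forwarding and once against one using root hints, starting each run with a cold cache, and compare the two summaries.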