Sequence with multiple forwarders

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sat Mar 2 10:09:30 UTC 2002


Jack Aubert <jaubert at chezaubert.net> wrote:
> We have a kind of complex internal DNS system that relies on selective
> forwarding.  It works fine, but I need to add in some more DNS reduncancy to
> match gateway/firewall/WAN redundancy.  I can solve some of the problems by
> stacking selective forwarders and having them each forward to two external
> paths.  The details of this are irrelevant to my question, however.  What I
> need to know, and the otherwise excellent and revered DNS and BIND book is
> not entirely clear on this point is this:  When you use two separate
> forwarders, is the timing simultaneous or sequential.  My initial
> supposition was that my DNS forwards to both places and passes back the
> first answer that comes in. 

Nope.  One of the forwarders is selected, and the answer time is used
to update a "roundtrip-time" database for this forwarding "group".

Next time a forwarding is needed the one with lowest rtt will be used, 
again updating the table.  Other mechansms will "age" the values so
all forwarders will be used/tried eventually. ( the above is bind-8 only,
bind-9 will currently use forwarders in the order mentioned, and use the
secone one only if the first times-out)


But that raises some further questions:  If the
> first forwarder were to return with an nxdomain or a servfail message would
> my own DNS wait for the second response at all? 

na.


 Or is forwarding to
> multiple forwarders sequential and the second forwarder is used only if the
> first times out with no response?  I have to decide if the reduncancy is
> worth extra traffic and/or extra delay across overseas WAN circuits, some of
> which are not very good.



-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.


More information about the bind-users mailing list