Why use Forwarders?

Jim Reid jim at rfc1035.com
Thu Mar 11 15:53:38 UTC 2004


>>>>> "Oli" == Oli Comber <oli at niceltowers.co.uk> writes:

    Oli> Hi List, I've had problems recently with my bind9 setup where
    Oli> resolution would be very slow or not work at all when using
    Oli> Forwarders.

So don't use forwarding. It's mostly stupid and pointless anyway.

    Oli> Now I'm not using them, resolution is fine and dandy and very
    Oli> fast.

Good. If that's the case, why bother with something stupid like
forwarding?

    Oli> Why would one want to use a forwarder instead of doing a
    Oli> lookup directly?

That's a good question. There are very few reasons why forwarding is
either necessary or desirable. Your environment doesn't appear to be
one of them.

    Oli> Does a DNS server have to be set up in a different way to be
    Oli> used as a forwarder?

Maybe. It depends on the implementation and how the server is configured.
Out of the box BIND accepts queries from anywhere.

    Oli> Can a server recognise that it is being used as a Forwarder
    Oli> and prioritise against that?

Maybe. It depends on the implementation and how the server is configured.
Out of the box BIND accepts queries from anywhere. There's nothing in
the DNS protocol to identify a forwarded query. However a server may
be given a list of known IP addresses that will forward queries to it.

    Oli> I'm a bit confused - I don't like things that suddenly start
    Oli> working by magic!

Well, there's nothing magical about a properly configured DNS server
and queries getting resolved properly. That's the way the DNS is
supposed to work. In a setup that relies on forwarding, all bets are
off. The target of the forwarded queries could get overloaded with
lookups. It could get switched off or renumbered and that could make
resolution stop for the idiots who forward queries to that server. It's
also possible to get forwarding loops: i.e. server A forwards queries to
B which forwards them to... server A. Naive DNS administrators believe
forwarding will speed up resolution: it usually doesn't. It does
create administrative complexity because forwarding setups tend not
to be documented. That means nobody's really sure how queries get
resolved or what will break if a server is switched off. And as for
troubleshooting problems.....

Consult the list archives for more details on why forwarding is
usually a Very Bad Idea. A search for something like "forwarding
considered stupid/harmful/dangerous" will point you in the right
direction.
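
The forwarding loops and undocumented forwarding dependencies described in the message above can be audited from the resolver configurations themselves. The following is an added example, not part of the original message or of BIND: the addresses and `named.conf` fragments are constructed, and the function names are hypothetical. It reads the `forwarders` clauses of each server in an inventory, reports loops, and lists forwarders that no one in the inventory manages.

```python
import re

# Constructed inventory (documentation-range addresses): each resolver's own
# IP mapped to the options block from its named.conf. Not taken from the post.
CONFIGS = {
    "192.0.2.1": "options { forward only; forwarders { 192.0.2.2; }; };",
    "192.0.2.2": "options { forwarders { 192.0.2.3; 198.51.100.53 port 53; }; };",
    "192.0.2.3": "options { forwarders { 192.0.2.1; }; };  // legacy, undocumented",
    "192.0.2.4": "options { recursion yes; };",
}

FORWARDERS_RE = re.compile(r"\bforwarders\s*\{([^}]*)\}")
COMMENT_RE = re.compile(r"(?://|#)[^\n]*|/\*.*?\*/", re.S)

def parse_forwarders(conf):
    """Return the addresses named in every forwarders { ... } clause."""
    addrs = []
    for body in FORWARDERS_RE.findall(COMMENT_RE.sub("", conf)):
        # Entries are ';'-separated; keep the address, drop any "port N" suffix.
        addrs += [item.split()[0] for item in body.split(";") if item.strip()]
    return addrs

def find_loops(configs):
    """Return each forwarding cycle once, as a path ending where it began."""
    graph = {srv: parse_forwarders(conf) for srv, conf in configs.items()}
    loops, seen = [], set()

    def walk(node, path):
        if node in path:                      # back at a server already on the path
            cycle = path[path.index(node):]
            if frozenset(cycle) not in seen:
                seen.add(frozenset(cycle))
                loops.append(cycle + [node])
            return
        for target in graph.get(node, []):    # servers outside the inventory have no edges
            walk(target, path + [node])

    for srv in graph:
        walk(srv, [])
    return loops

def unmanaged_targets(configs):
    """Return (server, forwarder) pairs whose forwarder is not in the inventory."""
    return sorted((srv, fwd) for srv, conf in configs.items()
                  for fwd in parse_forwarders(conf) if fwd not in configs)

if __name__ == "__main__":
    for loop in find_loops(CONFIGS):
        print("forwarding loop:", " -> ".join(loop))
    for srv, fwd in unmanaged_targets(CONFIGS):
        print(f"{srv} depends on forwarder outside inventory: {fwd}")
```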

