Really odd one: parts of global DNS just dropped off the map
devilspgd at crazyhat.net
Tue Nov 30 10:58:13 UTC 2004
In message <cog120$2u2$1 at sf1.isc.org> Bill Larson <bind9 at comcast.net>
>Forwarding was promoted because it could decrease Internet bandwidth.
>Duplicate DNS requests from multiple servers could be answered by the
>cache that is being forwarded to. The problems in forwarding DNS
>queries, along with the increase in bandwidth, don't seem to make
>forwarding as useful as maybe it was at one time. But, old ideas and
>documentation die slowly.
I would have thought that the additional overhead and failure point of
introducing an ISP DNS server would overrule the "savings" of a
less-than-512-byte DNS lookup. However, if your users visit the same
domains as other users of your ISP, it might save the ISP a finite
amount of bandwidth -- Back in "the day" (I've only had net access since
'96 or so myself) I suppose these few bytes were worth saving...
The size of a UDP DNS request hardly seems important when compared with
the number of packets and number of bytes involved to set up and tear down
a TCP session (ignoring the actual data, just the handshake+teardown of
>I can think of at least one reason that could require forwarding. If
>you are on an internal network that has servers that provide an
>"internal" DNS view, then going directly to the root servers would not
>provide access to this internal DNS information, so forwarding would be
>necessary. (I'm not saying that a better solution wouldn't be to make
>this server a slave to the internal zone(s), but this may not be
>possible for multiple reasons.)
Agreed that there are specific situations where forwarding is a great
feature -- I'm more curious as to why so many recent (Windows 2000+)
books seem to recommend enabling forwarding as a general practice though
-- Is it just historical preference?
I have a specialized case here actually: I use forwarding on some of my
resolvers but they point to my central firewall (which has its own
caching resolver), and that resolver handles the actual lookups. My case is
unique though: the majority of DNS queries from one mail server will be
performed by another mail server within 120 seconds AND the request
would need to be passed through a central firewall anyway, so the
firewall isn't an additional point of failure.
I don't see this being a very common setup though.
>You are taking a very undeserved shot at MCSE's. I know of both
>excellent, and lazy, MCSE's. I also know of both excellent, and lazy,
>DNS administrators running BIND. Please don't attack the MCSE program
>with such a broadside, it is undeserved. (Further comments about this
>should be taken off-line.)
Sorry -- I'm going to post this on the list since it didn't come across
the way I intended and I think apologies are in order.
I wasn't referring to MCSEs as a whole, I was only referring to the
"crackerjack box" group of MCSEs -- For those that don't get the
reference, boxes of cereals and snacks sometimes have toys or joke
diplomas in them as a marketing gimmick. My comment was directed to the
MCSEs who got into a bootcamp that taught the test rather than taught
the concepts. In other words, the ones who "bought" their MCSE rather
than learned or earned it.
I apologize to all the competent knowledgeable MCSEs out there, I know
there are a lot of them.
I'm going to go off on a tangent, so feel free to stop reading here.
When I was processing resumes at my previous job, I had the opportunity
to meet a few who had literally never seen a corporate network until
they got out of an MCSE boot camp into the real world and were put in
charge of running one. They were easy to pick out: they used the MCSE
letterhead, and focused on their MCSE training as the primary focus of
their resume. The good ones might mention MCSE certification, but it
certainly wasn't the focus of their resume even if they had little
actual work experience.
At my current job, I have two MCSEs that work together who contact me
for assistance with their mail server on a regular basis (at least a
couple times a month, sometimes daily) -- They literally needed click
by click instructions to email me a log file using Outlook Express.
There was no language barrier between myself and either of them; between
the two of them they'd simply never attached a file that wasn't in "My
Documents" before and didn't know how to get out of "My Documents" to
"C:" -- For an end user, this would be frustrating but not unexpected.
For someone who is responsible for operating a mail server and carries
certifications, it disturbs me greatly that they don't know how to
attach a file.
I also offered the ability to FTP the file to me, but they'd never heard
of FTP before so I didn't even bother trying to educate them in that
The problem, in my opinion, is that the exceptionally dumb ones get
noticed, whereas I don't notice the intelligent ones because they read
the documentation and either don't need to contact support, or don't
make fools of themselves so they don't stand out.
Anyway, once again, I apologize to all the competent knowledgeable MCSEs
out there who know how to do their jobs properly.
Some people are like Slinkies... You can't help but
smile when you see one tumble down the stairs.
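The two forwarding setups discussed in this exchange (the poster's resolvers that hand every query to a central caching resolver behind the firewall, and Bill Larson's case of an internal zone that only internal servers know about) can be expressed in a BIND 9 named.conf. The fragment below is an added illustration, not configuration from either poster; the addresses, the network 192.0.2.0/24 and the zone name corp.example are placeholders.

```conf
// Added example, not from the original thread. Placeholder addresses
// (192.0.2.x, 10.0.0.x) and zone name (corp.example) are assumptions.
options {
    directory "/var/named";
    recursion yes;

    // Only recurse for our own clients. A resolver that is open to the
    // world and also forwards simply relays that abuse to the upstream.
    allow-recursion { 192.0.2.0/24; };

    // Case 1 (the poster's setup): global forwarding. Every query from
    // this server goes to the central caching resolver 192.0.2.1.
    // "forward only" means that if 192.0.2.1 is unreachable, resolution
    // fails here too; that is the extra point of failure the thread
    // discusses. "forward first" would instead fall back to iterative
    // resolution from the root hints when the forwarder does not answer.
    forward only;
    forwarders { 192.0.2.1; };
};

// Case 2 (the internal view): names under corp.example are served only
// by internal servers that the roots know nothing about, so that one
// zone is forwarded to them. If the global "forwarders" above were
// removed, everything else would still resolve directly from the roots
// while corp.example kept working through this zone-level forward.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };
};

// Root hints are still required for "forward first" fallback, or when
// no global forwarders are configured at all.
zone "." {
    type hint;
    file "named.ca";
};
```

After `rndc reload`, a useful check is to query the forwarding server for a name in corp.example and one on the public Internet and confirm, in the upstream resolver's query log, that only the expected traffic arrives there; `dig +trace` bypasses forwarding entirely and so does not test this configuration.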