Really odd one: parts of global DNS just dropped off the map

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 30 22:47:11 UTC 2004 

DevilsPGD wrote:

>In message <co448b$2gct$1 at sf1.isc.org> Jim Reid <jim at rfc1035.com> wrote:
>
>  
>
>>Why are you using forwarding? This is silly, dangerous and
>>pointless. Consult the list archives for an explanation. Perhaps your
>>DNS infrastructure has been forwarding queries to servers that were
>>broken or had connectivity problems? This is one of the reasons why
>>people should run their own name servers: when something goes wrong,
>>there are less links in the chain to troubleshoot.
>>    
>>
>
>I agree 100% with the above -- I'm curious, can anybody tell me why the
>whole forwarding fetish seems to be so popular, especially in printed
>books and documentation and MCSEs?
>
Some people and some cultures think more hierarchically than 
peer-to-peer. Forwarding queries goes along with that hierarchical 
thinking, e.g. the local server forwards queries it doesn't know to the 
regional server which forwards queries it doesn't know to the corporate 
server, or whatever.

Also, I think the hierarchical nature of the *namespace* confuses some 
people into thinking that the *resolution*mechanism* should be 
hierarchical too, even though the two don't really have any direct 
relationship with each other.

I remember a meeting years ago where I had advocated an internal-root 
architecture over a forwarding architecture, and cited "more intuitive 
because it's more like how the Internet works" as a "plus" point and was 
told bluntly that no, the forwarding model was more intuitive (no clear 
reason given). Up to then, I didn't even think the point was debatable.

One way in which I've had limited success talking people out of 
forwarding is to explain that forwarding essentially enfeebles your 
eminently-capable nameserver setup, reducing it to nothing more than a 
stub resolver with a cache, where the nameservers it uses for resolving 
queries can't even -- as would typically be the case for personal 
computers and/or workstations -- be centrally managed via DHCP. People 
tend to view forwarding less favorably once they realize that it 
actually makes their nameserver setup less capable and *dumber* than it 
would be otherwise.

- Kevin

More information about the bind-users mailing list