Really odd one: parts of global DNS just dropped off the map
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 30 22:47:11 UTC 2004
DevilsPGD wrote:
>In message <co448b$2gct$1 at sf1.isc.org> Jim Reid <jim at rfc1035.com> wrote:
>
>
>
>>Why are you using forwarding? This is silly, dangerous and
>>pointless. Consult the list archives for an explanation. Perhaps your
>>DNS infrastructure has been forwarding queries to servers that were
>>broken or had connectivity problems? This is one of the reasons why
>>people should run their own name servers: when something goes wrong,
>>there are less links in the chain to troubleshoot.
>>
>>
>
>I agree 100% with the above -- I'm curious, can anybody tell me why the
>whole forwarding fetish seems to be so popular, especially in printed
>books and documentation and MCSEs?
>
Some people and some cultures think more hierarchically than
peer-to-peer. Forwarding queries goes along with that hierarchical
thinking, e.g. the local server forwards queries it doesn't know to the
regional server which forwards queries it doesn't know to the corporate
server, or whatever.
Also, I think the hierarchical nature of the *namespace* confuses some
people into thinking that the *resolution*mechanism* should be
hierarchical too, even though the two don't really have any direct
relationship with each other.
I remember a meeting years ago where I had advocated an internal-root
architecture over a forwarding architecture, and cited "more intuitive
because it's more like how the Internet works" as a "plus" point and was
told bluntly that no, the forwarding model was more intuitive (no clear
reason given). Up to then, I didn't even think the point was debatable.
One way in which I've had limited success talking people out of
forwarding is to explain that forwarding essentially enfeebles your
eminently-capable nameserver setup, reducing it to nothing more than a
stub resolver with a cache, where the nameservers it uses for resolving
queries can't even -- as would typically be the case for personal
computers and/or workstations -- be centrally managed via DHCP. People
tend to view forwarding less favorably once they realize that it
actually makes their nameserver setup less capable and *dumber* than it
would be otherwise.
- Kevin
More information about the bind-users
mailing list