Again: forwarders{} and delegation in zone behavior

Barry Margolin barmar at alum.mit.edu
Thu Dec 22 04:15:53 UTC 2005


In article <docsqq$2au4$1 at sf1.isc.org>,
 "Dmitry E Gouriev" <gouriev at icenet.ru> wrote:

> Hello, Barry,
> thank you for reply,
> 
> "Barry Margolin" <barmar at alum.mit.edu> wrote in message
> news:barmar-6B2269.15543321122005 at comcast.dca.giganews.com...
> > In article <doa6a5$17e2$1 at sf1.isc.org>,
> >  "Dmitry E Gouriev" <gouriev at icenet.ru> wrote:
> >
> > > Hello, here is a surprised newbie question.
> > >
> > > Thank you for explanations.
> > >
> > > We all understand that FORWARDING takes precedence
> > > over USAGE OF DELEGATION RECORDS, unless
> > > explicitly specified by empty forwarders{} in zone{},
> > > missing global forwarders in options{}, etc.
> > >
> > > However we (at least I) do not understand WHY.
> > > Ignoring known delegation records and querying
> > > major servers is a preferred default behaviour ?
> > >
> > > Does anybody know is this actually good way and
> > > why it is better ?
> >
> > Forwarding is intended for when you can't communicate directly with
> > Internet servers, e.g. you have a firewall that blocks DNS except
> > to/from the forwarder.
> >
> 
> Mmm... "Internet servers" ? You definitely mean root DNS servers.

No, I meant Internet servers, i.e. all the outside authoritative DNS 
servers that you need to query to look something up.

> Mmm... Is it good way that any query is passed directly to the top ?

You don't usually have to go all the way to the top, because of caching.

> I supposed, forwarding is also intended to communicate
> with upstream caching DNS servers. This seems to be an
> often circumstance, isn't it ?

Yes, it's common, but usually unnecessary.  Mostly it's done by 
administrators who don't realize that their servers can do all the 
lookups directly, they don't have to go through their ISP's servers.


Here's another answer to your original question: if forwarding didn't 
take precedence over NS records, forwarding would never happen, because 
there are always NS records that can be used.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
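
Added example, not part of the original post: a named.conf fragment showing the two settings the thread discusses, global forwarders in options{} and an empty forwarders{} in a zone{} so that delegation NS records are followed. The addresses, zone name and file names are constructed for illustration.

```conf
// Constructed example: 192.0.2.x addresses, example.com and the
// file names are placeholders, not values from the thread.
options {
    directory "/var/named";
    recursion yes;

    // Global forwarders. With these set, a query that cannot be
    // answered from authoritative data or cache is sent here
    // instead of being resolved by following NS records.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // "first": try the forwarders, then fall back to resolving
    //          directly if they give no answer.
    // "only":  never contact other servers directly; this is the
    //          firewalled case described in the reply above.
    forward first;
};

// Parent zone held on this server. Its zone file delegates
// lab.example.com to other name servers with NS records.
zone "example.com" {
    type master;
    file "example.com.zone";

    // Empty list: forwarding is switched off for names under this
    // zone, so the delegation NS records in the zone file are used
    // for lab.example.com instead of the global forwarders.
    forwarders { };
};
```

Running named-checkconf on the file checks the syntax before named is reloaded.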


