query root.hint first, then forwarders list

Mark Andrews Mark_Andrews at isc.org
Thu Feb 2 12:06:39 UTC 2006

> Hi,
> Our nameserver did all queries itself, that is used the root name 
> servers/root.hint zone. Now today something went really bad at the .ee 
> registrar. The root nameservers could not resolve many .ee addresses and 
> many local ISP's nameservers could not resolv other .ee addresses. So it 
> was quite a mess. Point being, using dig I could resolve all the queries 
> using different nameservers, root name servers versus local ones mainly.
> The solution was to set up forwarders (forward first;) in the options 
> and use our ISP's nameserver. That saved the day. Now the newspapers 
> report that the problem is solved, which is great but something similar 
> could happen again.

	Ok.  Something happened with the ee zone.   You managed to
	talk to some nameservers which happened to have cached
	results which could allow you to resolve some zones which
	you otherwise could not.
> Now the documentations says I have two options. Either I let my 
> nameserver first check the forwarders and if they fail then resolve the 
> query itself via root.hint zone or rely only on the forwarders. Why is 
> the option first try to resolve via root name servers and only then try 
> the forwarders missing? I would gladly use that one.
> Is there a reason why quering root nameservers first and only then the 
> forwarders is considered a Bad Idea? Or is there another "backup" option?

	Because in 99.999% of times it won't help.  If resolution
	directly from the root is failing it will also fail via
	forwarder.  It the problem had gone on a little longer even
	using the forwarders would have failed.

	You basically got lucky that it worked at all.  If the
	COM.AU or CO.NZ zones had been broken then chances of your
	ISP's servers helping you out would be slim to none as they
	would be unlikely enough to have cache enough information
	about those zones to be useful.

	The solution is to put sanity checks into the processes
	used to manage the ee and other infrastructure zones.


> Thanks,
>        Alex
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list