Fw: Again: forwarders{} and delegation in zone behavior
Dmitry E Gouriev
gouriev at icenet.ru
Fri Jan 6 18:43:49 UTC 2006
----- Original Message -----
From: "Dmitry E Gouriev" <gouriev at icenet.ru>
To: <bind-users at isc.org>
Sent: Thursday, December 29, 2005 1:34 AM
Subject: Re: Again: forwarders{} and delegation in zone behavior
> Hello, Barry,
> thank you
>
> ----- Original Message -----
> From: "Barry Margolin" <barmar at alum.mit.edu>
> Newsgroups: comp.protocols.dns.bind
> To: <comp-protocols-dns-bind at isc.org>
> Sent: Thursday, December 22, 2005 7:15 AM
> Subject: Re: Again: forwarders{} and delegation in zone behavior
>
>
> > In article <docsqq$2au4$1 at sf1.isc.org>,
> > "Dmitry E Gouriev" <gouriev at icenet.ru> wrote:
> >
> > > Hello, Barry,
> > > thank you for reply,
> > >
> > > "Barry Margolin" <barmar at alum.mit.edu> ???????/???????? ? ????????
> > > ?????????:
news:barmar-6B2269.15543321122005 at comcast.dca.giganews.com...
> > > > In article <doa6a5$17e2$1 at sf1.isc.org>,
> > > > "Dmitry E Gouriev" <gouriev at icenet.ru> wrote:
> > > >
> > > > > Hello, here is a surprised newbie question.
> > > > >
> > > > > Thank you for explanations.
> > > > >
> > > > > We all understand that FORWARDING takes precedence
> > > > > over USAGE OF DELEGATION RECORDS, unless
> > > > > explicitely specified by empty forwarders{} in zone{},
> > > > > missing global forwarders in options{}, etc.
> > > > >
> > > > > However we (at least I) do not understand WHY.
> > > > > Ignoring known delegation records and querying
> > > > > major servers is a preferred default behaviour ?
> > > > >
> > > > > Does anybody know is this actualy good way and
> > > > > why it is better ?
> > > >
> > > > Forwarding is intended for when you can't communicate directly with
> > > > Internet servers, e.g. you have a firewall that blocks DNS except
> > > > to/from the forwarder.
> > > >
> > >
> > > Mmm... "Internet servers" ? You definitely mean root DNS servers.
> >
> > No, I meant Internet servers, i.e. all the outside authoritative DNS
> > servers that you need to query to look something up.
> >
> > > Mmm... Is it good way that any query is passed directly to the top ?
> >
> > You don't usually have to go all the way to the top, because of caching.
> >
> > > I supposed, forwarding is also intended to communicate
> > > with upstream caching DNS servers. This seems to be an
> > > often circumstance, isnt it ?
> >
> > Yes, it's common, but usually unnecessary. Mostly it's done by
> > administrators who don't realize that their servers can do all the
> > lookups directly, they don't have to go through their ISP's servers.
> >
>
> I removed forwarders at all and everything works nice.
>
> However I still doubt a little is this the best way,
> because I do not share a cache of upsream DNS
> resolver...
>
> >
> > Here's another answer to your original question: if forwarding didn't
> > take precedence over NS records, forwarding would never happen, because
> > there are always NS records that can be used.
> >
>
> You mean that named.root (or .cache) RRs are treated as all other RRs,
> say cached ones and ones the server is authoritative for ?
>
> Regards,
> Dmitry
>
More information about the bind-users
mailing list