Forwarding under which conditions?
barmar at alum.mit.edu
Tue Jun 13 11:08:48 UTC 2006
In article <e6lu48$ftq$1 at sf1.isc.org>,
Arik Raffael Funke <arik.funke at gmx.de> wrote:
> Barry Margolin wrote:
> > Arik Raffael Funke <arik.funke at gmx.de> wrote:
> >> Can anybody summarise briefly when to and when not to use forwarding? I
> >> thought I use local caching such as to speed up queries.
> > Use forwarding when there's something preventing you from contacting
> > other servers on the Internet, like a firewall.
> > Whether you use forwarding or not, your server will still cache the
> > results.
> My internal clients cannot reach the public dns servers directly due to
> non-public ips.
The clients don't matter, what matters is whether your SERVER can reach
> If I simply forward dns queries with iptables to an
> external dns, the external dns caches the info, but I still have to get
> it to my local network every time a query is run. I thus have a delay -
> especially if the remote machine is slow. I was looking to eliminate
> this delay.
BIND forwarding is not like iptables forwarding. It's not just passing
the packets through, it's still a DNS server. When you enable
forwarders, you're just telling it "Instead of asking the authoritative
servers yourself, ask these servers; either way, cache the results."
In general, asking the authoritative servers will be better, because the
TTLs of the responses will be longer. Suppose one of your users looks up a
record whose authoritative TTL is 60 minutes, and you forward to your
ISP's server. If it cached the record 59 minutes ago, the record you
receive will have a 1-minute TTL, so you'll have to look it up again if
one of your users asks again a minute later. But if you go to the
authoritative server directly, you'll get the full 60 minute TTL and
won't have to query again for an hour.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
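
The TTL arithmetic in the reply above, as an added example that is not part of the original post: a toy model of two chained DNS caches, not BIND code. The class names, the record name and the assumption that another ISP customer cached the record at t=0 are all made up for illustration; times are in seconds.

```python
class Authoritative:
    """Always answers with the record's full TTL."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.queries = 0          # queries received

    def resolve(self, name, now):
        self.queries += 1
        return self.ttl


class CachingResolver:
    """Caches answers and hands out the remaining TTL, as a DNS cache does."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.expires = {}         # name -> absolute expiry time
        self.queries = 0          # queries received

    def resolve(self, name, now):
        self.queries += 1
        if self.expires.get(name, 0) <= now:      # miss or expired entry
            self.expires[name] = now + self.upstream.resolve(name, now)
        return self.expires[name] - now           # remaining TTL


def run(local, lookup_times, name="www.example.com"):
    """Send client lookups through `local`.
    Returns (TTL of the first answer, number of queries sent upstream)."""
    before = local.upstream.queries
    ttls = [local.resolve(name, t) for t in lookup_times]
    return ttls[0], local.upstream.queries - before


def demo():
    ttl = 60 * 60                                  # authoritative TTL: 60 minutes
    times = [59 * 60 + 60 * i for i in range(60)]  # one client lookup per minute
    direct = CachingResolver(Authoritative(ttl))   # local server asks authoritative
    isp = CachingResolver(Authoritative(ttl))
    isp.resolve("www.example.com", 0)              # constructed: cached at t=0
    forwarded = CachingResolver(isp)               # local server forwards to ISP
    return run(direct, times), run(forwarded, times)


if __name__ == "__main__":
    print(demo())
```

In both cases the local server answers repeat lookups from its own cache; the forwarded case starts with a 1-minute TTL and therefore has to go upstream a second time.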