Root server cannot be a forwarder?

Peter Dambier peter at peter-dambier.de
Wed Oct 18 17:57:16 UTC 2006


yinzhang57 at yahoo.com wrote:
> Heard that on a BIND root server, recursion is disabled and it will not
> do recursion, therefore cannot be a forwarder?
> 

It depends on what you want to do.

E.g. my own BIND 9.4.0b2 is my local resolver.

I believe that domains I am authoritative for, cannot get cache poisoned.
That is why I am slaving every important domain I can.

It slaves the root too.

Why?

To prevent bogus queries like localhost, local, or 192.168... from
escaping my network. I am authoritative for those domains.

Some poor people on backwater domains have only a single nameserver.
Sometimes those domains get lost. I have a local copy and I am
authoritative. I need not even query for those domains.

The root zone is just a very little domain compared to com, net or org.
I never need to query the root-servers.

I rarely need to axfr a zone. I never query those zones. So I spare
them a lot of traffic.

As the root is already loaded I very often drop one query level and
my answers are faster.

Zones I need are present locally. No query to the outside at all.

But my server is not for the public. It serves locally only.

If I was running a root-server for the public, I would run nothing
but the root. I definitely would switch recursion off because I
am not a resolver.

Kind regards
Peter and Karin Dambier


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Von-Erthal-Strasse 4
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/



More information about the bind-users mailing list