Forwarding Environment

[Tony Earnshaw]

Merton Campbell Crockett skrev, on 10-06-2007 02:00:

> There is a changing in the guard at my company.  My responsibility  
> for DNS is being shifted to our IT subcontractor.  The IT  
> subcontractor has constructed a new DNS architecture based on the use  
> of forwarding.
> 
> There has been a significant increase in users reporting name  
> resolution problems and increased reports of network "slowness" that  
> may be related to problems resolving domain names.
> 
> At each of our corporate site's there is a server that runs the ISC  
> DHCP and BIND daemons.  Each server has a forwarders statement in its  
> global options that lists the IP addresses of three "core" name  
> servers located at site's with Internet access.  These also happen to  
> be the sites with the most network congestion.

My own experience is, that making use of forwarders for BIND often leads 
to problems such as you are now finding. Each individual BIND (9 on all 
my servers) server is perfectly capable of making its own decisions, 
which aren't recursive. A typical example is a caching name server on a 
server running an MTA: any forwarding voids completely the whole point 
of running the caching DNS server locally.

I can only presume that your IT subcontractor is doing this to try to 
avoid redundant zone maintenance, while the basic problem is the 
configuration of the DNS server on each host or subnet.

As an aside, I have constant conflicts with people running Microsoft DNS 
and other software on my networks, since their mindset and approach is 
most often completely different from those of Unix/Linux people. The 
approach of your IT subcontractor reminds me of the approach some 
Microsoft people might make.

--Tonni

-- 
Tony Earnshaw
Email: tonni at hetnet dot nl