Using forwarders

[Mark Andrews]

> I am familiar with using forwarders for conditional forwarding of certain
> zones, and understand the reasons for doing so.  I am also familiar with
> using forwarders with an internal and external dns model, where you do not
> wish to allow your internal dns direct access to external
> entities/internet/etc.
> 
>  
> 
> What about the situation where a company has a single DNS server, that has
> direct internet access, and they add a forwarder to their ISP.  What is the
> case for this?  I do not believe that DNS processing is so cpu intensive
> that pawning off the recursive lookups to another server buys you a whole
> lot.  Same goes for bandwidth.  Assume the server has internet access via
> NAT or PAT, I don't see any real driving reasons.  I bring this up because I
> have a client doing just this, and I cannot think of any reason they do it
> like this, they cannot defend why its like this, but their change order
> process is so involved that for them to switch it requires more
> justification.  I don't like it as well because it introduces a point of
> failure that need not be.  Sure the DNS server should locally attempt
> recursive lookups on its own if the forwarder times out, but the current
> timeout was set so high (5 seconds) that requests were timing out, at least
> most of the time, before the queries could be locally resolved.
> 
>  
> 
> So can anyone think of practical reasons why one would want to set
> forwarders to their ISP?  I mean, even pooling to a much larger DNS cache
> (The ISP) doesn't seem like a big win.  
> 
>  
> 
> Brian

	Forwarding made sense when you had 48/56k links connecting a
	complete campus to the Internet.  You would build up a big
	cache on one server and all the departments would forward
	to that server.

	Except, in vary rare cases, those days are long gone.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org