Using forwarders
Mark Andrews
Mark_Andrews at isc.org
Wed Jun 25 02:31:22 UTC 2008
> I am familiar with using forwarders for conditional forwarding of certain
> zones, and understand the reasons for doing so. I am also familiar with
> using forwarders with an internal and external dns model, where you do not
> wish to allow your internal dns direct access to external
> entities/internet/etc.
>
>
>
> What about the situation where a company has a single DNS server, that has
> direct internet access, and they add a forwarder to their ISP. What is the
> case for this? I do not believe that DNS processing is so cpu intensive
> that pawning off the recursive lookups to another server buys you a whole
> lot. Same goes for bandwidth. Assume the server has internet access via
> NAT or PAT, I don't see any real driving reasons. I bring this up because I
> have a client doing just this, and I cannot think of any reason they do it
> like this, they cannot defend why its like this, but their change order
> process is so involved that for them to switch it requires more
> justification. I don't like it as well because it introduces a point of
> failure that need not be. Sure the DNS server should locally attempt
> recursive lookups on its own if the forwarder times out, but the current
> timeout was set so high (5 seconds) that requests were timing out, at least
> most of the time, before the queries could be locally resolved.
>
>
>
> So can anyone think of practical reasons why one would want to set
> forwarders to their ISP? I mean, even pooling to a much larger DNS cache
> (The ISP) doesn't seem like a big win.
>
>
>
> Brian
Forwarding made sense when you had 48/56k links connecting a
complete campus to the Internet. You would build up a big
cache on one server and all the departments would forward
to that server.
Except, in vary rare cases, those days are long gone.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list