impact of changing from forwarder to delegation

Kevin Darcy kcd at chrysler.com
Tue Oct 28 00:00:08 UTC 2008


blrmaani wrote:
> My DNS has been set up to forward queries to an external customer. Now I
> want to change it to forward using delegation. What will be the impact
> on my external customer? Do they see any additional logs? Any firewall
> changes for them?
>
I assume you mean that you are going to delegate a particular zone 
*instead* of forwarding. The terminology "forward using delegation" is a 
little confusing because "forwarding" in BIND terms is separate and 
distinct from iterative-resolution-via-following-delegations.

The big difference will be that your queries will be non-recursive.

The main impact of this is that if there are any descendant (i.e. child, 
grandchild, etc.) zones whose published nameservers are *unreachable* 
from your nameservers, you won't be able to resolve them. Presumably if 
any such unreachable zones exist, you are currently depending on the 
apex nameservers to recursively resolve names in all descendant zones. 
E.g. if you're currently forwarding child.example.com, that might also 
allow you to resolve grand.child.example.com names, even if you can't reach 
the published grand.child.example.com nameservers directly. If you stop 
forwarding and merely delegate child.example.com, then you may need to 
create explicit forward-only definitions for any unreachable descendants 
such as grand.child.example.com. Reachable descendant zones should 
resolve fine, and in fact should be resolved more efficiently, and 
be more resilient to outages, than your current forwarding setup.

Another potential impact of your queries becoming non-recursive is if 
the delegated nameservers are doing convoluted stuff like 
"recursion-only" views. But that's unlikely. You might want to check 
with them though.

                                                                         
                  - Kevin
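
The change described in the reply above, sketched as BIND configuration. This is an added example, not part of the original post; it assumes the local server is authoritative for the parent zone example.com, and the file name and all addresses are placeholders.

```conf
// Constructed named.conf fragments. Zone names follow the post; all
// addresses are RFC 5737 documentation values standing in for real servers.

// BEFORE: everything at or below child.example.com goes to the customer's
// server as a recursive (RD=1) query, so that server also resolves
// grand.child.example.com on your behalf.
//
// zone "child.example.com" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// AFTER, step 1: drop the forward zone and delegate from the parent zone,
// assumed here to be served locally. The delegation lives in the zone file:
//
//   child.example.com.      IN NS  ns1.child.example.com.
//   ns1.child.example.com.  IN A   192.0.2.53
//
// named now follows the NS records and sends non-recursive (RD=0) queries
// to the delegated nameservers.
zone "example.com" {
    type master;
    file "db.example.com";        // hypothetical file name
};

// AFTER, step 2: a descendant whose published nameservers cannot be reached
// from this server still needs a forwarder that will recurse for it.
zone "grand.child.example.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };   // assumed to still allow recursion from you
};
```

Running `named-checkconf` on the edited file catches syntax errors before the server is reloaded.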



More information about the bind-users mailing list