A question with forwarder and listen-on

Kevin Darcy kcd at chrysler.com
Tue Feb 23 23:24:31 UTC 2010


On 2/19/2010 11:51 PM, Kevin Oberman wrote:
>> Date: Fri, 19 Feb 2010 20:30:27 -0800 (PST)
>> From: gmspro<gmspro at yahoo.com>
>> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
>>
>> From /etc/bind/named.conf
>>
>> forwarders {
>>         212.27.53.252;
>>         212.27.54.252;
>> };
>>      
> Queries will be forwarded to these two name servers rather than be
> resolved locally. Commonly used on internal servers to handle queries
> for external information.
>
>    

At the risk of nitpicking...

s/ rather than /, or, if the forwarders are unavailable, / (depending on 
the forwarding mode setting, "forward first" versus "forward only").

"Forward only" is for limited-connectivity situations (e.g. behind an 
Internet firewall), where you can't reach the relevant nameservers 
through the regular iterative-resolution process and have to essentially 
assume the role of a stub resolver -- albeit one with a cache -- and 
rely on upstream resolvers to resolve the query for you.

"Forward first" assumes you can reach nameservers through iterative 
resolution, if necessary, but you prefer, presumably as an optimization, 
to try some forwarders first (hopefully they return an answer faster 
than fetching it yourself).

Forwarding is inherently inefficient and introduces more potential 
points of failure, so it is usually seen in the "forward only" mode, 
where there is no other choice to get around a connectivity restriction. 
"Forward first" for optimization rarely delivers the hoped-for 
performance benefit, although it does find a niche occasionally.

                                                                         
                                                     - Kevin
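
The two forwarding modes discussed in this thread, written out as a named.conf fragment. This is an added example, not part of the original posts: the forwarder addresses are the ones quoted above, while the zone name "internal.example" and the address 192.0.2.53 are placeholders.

```conf
// Added example. Forwarder addresses are those quoted in the thread;
// "internal.example" and 192.0.2.53 are placeholder values.

options {
        // Resolver behind a firewall that blocks direct queries to the
        // Internet, so it cannot iterate from the root itself.
        forwarders {
                212.27.53.252;
                212.27.54.252;
        };

        // "forward only": if no forwarder answers, the query fails
        // (SERVFAIL); named never attempts iterative resolution.
        forward only;

        // Alternative: "forward first" (the default when "forwarders"
        // is set without a "forward" statement). named tries the
        // forwarders, then falls back to iterative resolution, which
        // only works if authoritative servers are reachable.
        // forward first;
};

// Forwarding can also be set per zone, overriding the global options.
zone "internal.example" {
        type forward;
        forward only;
        forwarders { 192.0.2.53; };
};
```

Running `named-checkconf` against the file catches syntax errors before named is reloaded.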




