Name resolution follows forwarders instead of delegations on master server

Kevin Darcy kcd at chrysler.com
Wed Jan 27 15:26:05 UTC 2010


I've found over the years that many people find "forwarders { };" to be 
non- or even counter-intuitive.

"I want to forward, but I'm explicitly telling you not to use any other 
server for forwarding". Huh?

My 2 cents is that a different forwarding *mode* (e.g. "forward no", 
"forward none") would make more sense than "forwarders { };"

                                                                         
                                                                         
- Kevin

On 1/27/2010 6:48 AM, Cathy Almond wrote:
> Taylor, Gord wrote:
>    
>> I've noticed that if I have default forwarders setup in the options
>> section of my named.conf, then BIND (9.4.1-P1) will forward to these
>> servers rather than following the delegations for zones where it's
>> authoritative (verified via sniffer trace). Is this true of all BIND
>> versions?
>>      
> Yes (at least anything reasonably recent).
>
>    
>> In my case, the forwarders in the options section are in my primary data
>> centre which is authoritative for all of our internal zones, and the
>> config below exists in one our geographical data centers (overseas),
>> which is master only a subset of the zones. Since the delegation is to a
>> local F5 GTM in that same geographical datacenters, I really don't want
>> everything coming back across the WAN, only to be delegated back across
>> the WAN again (lots of inefficiencies). I've found that putting an empty
>> forwarders statement in the zone config (e.g. forwarders { };) prevents
>> following the default forwarders, so I have a workaround for now.
>>      
> This isn't a workaround, it's the correct configuration to ensure that
> resolution follows the delegation to the subdomain servers instead of
> using global forwarding.
>
>    
>> This behavior seems a little counter-intuitive to me and never caused me
>> any problems until recently. So I wanted to know if this behavior was
>> consistent across all BIND versions, or if it only happened recently due
>> to our BIND version upgrade last year (9.4.1-P1). I'm looking at another
>> code upgrade shortly, so want to ensure no surprises...
>>
>> Any help/clarification is appreciated
>>      
> You shouldn't get any new surprises relating to forwarding on your next
> upgrade :-)
>
> Cathy
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
>    





More information about the bind-users mailing list