does zone trump forward?

Alan Shackelford ashackel at jhmi.edu
Tue Jun 4 13:42:06 UTC 2013


I wasn't trying to start a fight. Perhaps I didn't provide enough detail.

We have 2843 authoritative zones. We run a split brain DNS. The new hospitals and other entities need to see our internal zone view once they have "joined". So I have them forward queries during the early stages of the merger, until I can get control of their DNS and make appropriate changes. There are fatherhood issues and all manner of ego problems involved in absorbing someone else's DNS. This step provides a workable solution in the very first stages. Then I make them slaves, with a reasonable expire time, to give them a copy of the data locally.

As for the distinction between forwarding and recursion, I used the term forwarding to describe him sending queries for my internal zones to me, thereby ensuring he sees the internal presentation of the data. I used the term recursion to describe his DNS doing recursion for all names and IPs that were not owned by either of us. This allows his users to look up all of his data, and all other data on earth except mine, no matter what happens with the cup-and-string circuit. Then, once the fiber is turned up, we do a proper merge.

Sorry to have ruffled Kevin's feathers. Just trying to describe a behavior in response to a question from the field. I was certainly not recommending a configuration. Not everyone has to deal with these issues in a clinical environment. I do.

Alan


From: bind-users-bounces+ashackel=jhmi.edu at lists.isc.org [mailto:bind-users-bounces+ashackel=jhmi.edu at lists.isc.org] On Behalf Of Kevin Darcy
Sent: Monday, June 03, 2013 3:40 PM
To: bind-users at lists.isc.org
Subject: Re: does zone trump forward?

Why would you use forwarding over links that are "neither fat nor reliable"? Are you a masochist? Replication of the data is much recommended over such links...

As for your "pecking order", what distinction are you drawing between forwarding and recursion? Forwarding is recursive. The high-level distinction is between having the data authoritative locally and not having it authoritative locally. If you want to make a finer distinction within the not-locally-authoritative case, then make the distinction between recursive (e.g. forwarding) and iterative (e.g. stub, or delegation from an internal root zone).

- Kevin
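The two stages Alan describes, sketched as a `named.conf` fragment for the joining site's server. This is an added example, not configuration posted in the thread; the zone name `corp.example`, the addresses (documentation ranges) and the file path are constructed placeholders.

```conf
// Added illustration; all names and addresses are constructed placeholders.

options {
    // Names owned by neither party are resolved by ordinary recursion,
    // so lookups keep working if the inter-site link is down.
    recursion yes;
    allow-recursion { localnets; localhost; };
};

// Stage 1: send queries for the internal zone to the servers that
// hold the internal view of the split-brain DNS.
zone "corp.example" {
    type forward;
    // "forward only" means no fallback to normal resolution when the
    // forwarders are unreachable. With "forward first" the server would
    // fall back and could return the external view of the same name.
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Stage 2: replace the stage 1 stanza with a local copy of the data.
// The two stanzas cannot be loaded together, so this one is commented out.
// How long the copy is served without contact with the master is set by
// the expire field of the zone's SOA record, not by this stanza.
//
// zone "corp.example" {
//     type slave;
//     masters { 192.0.2.10; };
//     file "slaves/corp.example.db";
// };
```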

