does zone trump forward?

Kevin Darcy kcd at chrysler.com
Tue Jun 4 17:16:47 UTC 2013 

Please excuse my prickliness, but I've spent almost a whole career 
dealing with the wreckage of inappropriate forwarding...

                     - Kevin

On 6/4/2013 9:42 AM, Alan Shackelford wrote:
>
> I wasn't trying to start a fight. Perhaps I didn't provide enough detail.
>
> We have 2843 authoritative zones. We run a split brain DNS. The new 
> hospitals and other entities need to see our internal zone view once 
> they have "joined". So I have them forward queries during the early 
> stages of the merger, until I can get control of their DNS and make 
> appropriate changes. There are fatherhood issues and all manner of ego 
> problems involved in absorbing someone else's DNS. This step provides 
> a workable solution in the very first stages. Then I make them slaves, 
> with a reasonable expire time, to give them a copy of the data locally.
>
> As for the distinction between forwarding and recursion, I used the 
> term forwarding to describe him sending queries for my internal zones 
> to me, thereby ensuring he sees the internal presentation of the data. 
> I used the term recursion to describe his DNS doing recursion for all 
> names and IPs that were not owned by either of us. This allows his 
> users to look up all of his data, and all other data on earth except 
> mine, no matter what happens with the cup-and-string circuit. Then, 
> once the fiber is turned up, we do a proper merge.
>
> Sorry to have ruffled Kevin's feathers. Just trying to describe a 
> behavior in response to a question from the field. I was certainly not 
> recommending a configuration. Not everyone has to deal with these 
> issues in a clinical environment. I do.
>
> Alan
>
> *From:*bind-users-bounces+ashackel=jhmi.edu at lists.isc.org 
> [mailto:bind-users-bounces+ashackel=jhmi.edu at lists.isc.org] *On Behalf 
> Of * Kevin Darcy
> *Sent:* Monday, June 03, 2013 3:40 PM
> *To:* bind-users at lists.isc.org
> *Subject:* Re: does zone trump forward?
>
> Why would you use forwarding over links that are "neither fat nor 
> reliable"? Are you a masochist? Replication of the data is much 
> recommended over such links...
>
> As for your "pecking order", what distinction are you drawing between 
> forwarding and recursion? Forwarding is recursive. The high-level 
> distinction is between having the data authoritative locally and not 
> having it authoritative locally. If you want to make a finer 
> distinction within the not-locally-authoritative case, then make the 
> distinction between recursive (e.g. forwarding) and iterative (e.g. 
> stub, or delegation from an internal root zone).
>
>                                             - Kevin
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130604/6dcce782/attachment-0001.html>

More information about the bind-users mailing list