Forward vs Authoritative traffic

Nex6|Bill n6ghost at yahoo.com
Fri Nov 7 21:31:40 UTC 2014


zone is hosted on a load balancer, with parent org NS on internet side.  when internet goes down, application goes down. putting a forward zone means internet downtime does not cause issues.


On Nov 7, 2014, at 12:56 PM, Darcy Kevin (FCA) <kevin.darcy at fcagroup.com> wrote:

> If your nameserver can get the info equally reliably either way, I'd question why you're using forwarding in the first place.
> 
> Do you think you're going to get some sort of performance benefit from that?
> 
> But, to answer your question, in the absence of taking a packet capture, you could always define all the authoritative nameservers as "blackhole" or "bogus" in your named.conf and see if the names still resolve (this assumes that the forwarders are *not* the same, or a subset, of the auth servers. If they are the same, or a subset, then I *really* would question why you're forwarding in the first place, since in that case the queries are going to *exactly*the*same*place*, and all you're basically doing is manipulating the value of the "RD" bit).
> 
> 												- Kevin
> 
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Nex6|Bill
> Sent: Friday, November 07, 2014 3:05 PM
> To: Barry Margolin
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: Forward vs Authoritative traffic
> 
> My name server is not authoritative for it.  but i want to verify once the forward is in place the query is following the forward and not the authoritative path.
> 
> 
> On Nov 7, 2014, at 11:46 AM, Barry Margolin <barmar at alum.mit.edu> wrote:
> 
>> In article <mailman.1182.1415388915.26362.bind-users at lists.isc.org>,
>> Nex6|Bill <n6ghost at yahoo.com> wrote:
>> 
>>> I am going to be adding a type forward zone for an important zone.  
>>> how can i test that the forward is working correctly? if i do a dig 
>>> against the NS the record will return no matter if its auth or fwd zone.
>> 
>> If you don't have a zone file for the zone on the server, yet it 
>> returns the correct answer, then it must be forwarding. Where else 
>> would it get the answer?
>> 
>> --
>> Barry Margolin
>> Arlington, MA
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>> unsubscribe from this list
>> 
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141107/4411934c/attachment.bin>


More information about the bind-users mailing list