Slaves or Forwarders?

Tony Finch dot at
Tue Aug 23 15:00:20 UTC 2016

Baird, Josh <jbaird at> wrote:
> In the past, when I have had a requirement to bring a slave zone into
> our environment; I created a slave zone on my master(s) (defining the
> external nameserver as a master) and then created slave zones on my
> slaves using *my* master as a master (not the master outside of my
> environment).

> Is this method of 'sub-slaves' considered an acceptable practice?

Yes. (The new EDNS EXPIRE feature makes it a bit safer too.)

> Some folks also like to use forwarders if they don't have the capability
> to slave the zone.  In this scenario, I would have to create a 'forward'
> zone on each of my caching servers that forwards requests for ''
> to the up-stream nameserver authoritative for the zone.

Be careful doing that. The target forwarders have to be recursive servers.

This matters if there is a delegated subdomain; if you are forwarding to
an authoritative-only server which returns a referral, BIND will be upset
that it did not get the final answer it expected.

> I would think that slaving the zone would be the preferred method, since
> my master/slaves could still serve the zone if the up-stream/forwarder
> becomes unreachable (until my slave expires).

Yes, slaving can be more robust. But forwarding can be simpler.

f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
Trafalgar: Easterly 6 to gale 8 in east, otherwise northerly or northeasterly
4 or 5, increasing 6 at times. Slight or moderate, occasionally rough in east.
Showers. Good.

More information about the bind-users mailing list