intelligent selection of forwarders?

Johan Ihren johani at autonomica.se
Sun Aug 18 15:35:11 UTC 2002


Chan Wilson <cwilson at slurp.corp.sgi.com> writes:

> Jim Reid <jim at rfc1035.com> inscribed onto the electric medium...
> > Er, I might be asking the obvious question but why would you *ever*
> > configure a name server to forward queries to an unreliable target?
> > Wouldn't it be a lot simpler to just get rid of forwarding altogether
> > and have your name server find out the good and bad name servers for
> > itself by following NS records?
> 
> In a firewalled environment with split DNS, there is little recourse
> beyond using forwarders to provide the proper path for resolution.
> The per-zone forwarding that bind9 offers is a great improvement in
> forwarders, but it does have its drawbacks.

Not really true.

You can always configure your stub resolvers to use a full service
resolver on the DMZ outside the f/w.

I'm not at all saying that is always the best solution, but since
you're already depending on boxes outside the f/w you *could* point
them out directly to your clients bypassing the forwarding
contraption.

Johan


More information about the bind-workers mailing list