intelligent selection of forwarders?
Johan Ihren
johani at autonomica.se
Sun Aug 18 15:35:11 UTC 2002
Chan Wilson <cwilson at slurp.corp.sgi.com> writes:
> Jim Reid <jim at rfc1035.com> inscribed onto the electric medium...
> > Er, I might be asking the obvious question but why would you *ever*
> > configure a name server to forward queries to an unreliable target?
> > Wouldn't it be a lot simpler to just get rid of forwarding altogether
> > and have your name server find out the good and bad name servers for
> > itself by following NS records?
>
> In a firewalled environment with split DNS, there is little recourse
> beyond using forwarders to provide the proper path for resolution.
> The per-zone forwarding that bind9 offers is a great improvement in
> forwarders, but it does have its drawbacks.
Not really true.
You can always configure your stub resolvers to use a full service
resolver on the DMZ outside the f/w.
I'm not at all saying that is always the best solution, but since
you're already depending on boxes outside the f/w you *could* point
them out directly to your clients bypassing the forwarding
contraption.
Johan
More information about the bind-workers
mailing list