Bind 8.2.3 Not Resolving In Stub Zone As Expected

Kevin Darcy kcd at daimlerchrysler.com
Thu Jun 21 22:53:40 UTC 2001


nick at glimmer.demon.co.uk wrote:

> On 20 Jun 2001 01:45:42 -0700, Marc.Thach at radianz.com wrote:
>
> >As for forwarding, yes that's what I meant.  If they don't want their
> >masters recursing for you then maybe they should provide caching servers
> >for this purpose (or you could put one in outside your firewall), it really
> >depends on volumes and your relationship with them.  You just put the
> >appropriate IP addresses in a forward zone, they don't have to be the
> >masters for the zone, forwarding is really a kludge.
>
> > ... when integrating two private networks
> >(particularly if there is or might be other inter-network connectivity)
> >then selective zone forwarding can be a real boon.
>
> I certainly like the idea of their servers recursively handling our
> queries, but I was under the impression selective forwarding was unreliable
> or broken with Bind 8 and needs Bind 9 - I'm sure someone told me stub
> zones were a better idea with Bind 8.

I think you may have misunderstood. Generally you want to avoid forwarding
because it doesn't scale well, and by limiting the choices your nameserver
makes as to what other nameservers to use for resolving names, it loses some
optimization and robustness. Certainly, in situations where you just want to
"override" the delegation information for a particular zone, or override any
forwarding directive you have at a higher level, defining a zone as "stub" is
preferable to defining it as "forward" (in the case where you want to override
higher-level forwarding, you'll need a "forwarders { }" clause in the stub zone
definition in order to achieve this effect).

However, to deal with connectivity issues, sometimes forwarding is the
*only* choice. It would appear from the log output you posted earlier that you
do indeed have some sort of connectivity issue. Therefore forwarding might be
the answer for you. But I would still try to limit the use of forwarding as
much as possible, and wherever you're using forwarding to deal with a lack of
connectivity, make sure to specify "forward only", otherwise if you lose
contact with your forwarder(s), your nameserver will beat its head against the
wall trying to talk to the nameservers directly. In such a situation, it's
better that the queries fail immediately, than for your nameserver to get
bogged down with doomed resends/retries.

> Anyway, I'm off to find out how to get my servers to make recursive queries
> to the stub zone.  I know you can tell your own servers whether or not to
> allow recursion but I don't know how to make mine *request* recursion from
> the other servers.

You make your server "request recursion" from other servers by setting it up to
forward to those servers. That's basically the whole point of forwarding.


- Kevin
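
The two zone definitions discussed in this reply, as an added named.conf example that is not part of the original message: a stub zone whose empty forwarders list overrides higher-level forwarding, and a forward zone using "forward only". The zone names, file name and addresses are placeholder assumptions.

```conf
// Added example, BIND 8.2-style named.conf syntax.
// All names and addresses are placeholders (example domains,
// documentation address ranges), not values from the thread.

options {
    // Global forwarding: every zone inherits this unless it overrides it.
    forwarders { 192.0.2.53; };
};

// Case 1: override the delegation information, and the global
// forwarders, for one zone. The stub zone learns the zone's NS records
// from the listed masters; the empty forwarders list cancels the
// inherited forwarding, so queries go to those nameservers directly.
zone "partner.example" {
    type stub;
    masters { 198.51.100.10; 198.51.100.11; };
    file "stub.partner.example";
    forwarders { };
};

// Case 2: no direct connectivity to the zone's nameservers, so the
// forwarders are the only path. The default behaviour is "forward first",
// which falls back to contacting the nameservers directly when the
// forwarders do not answer. "forward only" makes the query fail instead
// of retrying against servers that cannot be reached.
zone "remote.example" {
    type forward;
    forward only;
    forwarders { 203.0.113.5; 203.0.113.6; };
};
```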



