newbie: question about forwarders
Jim Reid
jim at rfc1035.com
Wed Aug 25 19:35:15 UTC 2004
>>>>> "Mike" == Mike <sorry at nospam.nl> writes:
Mike> 1) am I wrong in my thinking the nameservers of my isp would
Mike> make great forwarders?.
Yes. Forwarding is stupid and pointless. You're much better off
running a name server that resolves things for itself. You should
NEVER EVER forward to another server unless the operator of that
server agrees and documents that. Even then, the "benefits" of
forwarding are dubious. In most cases, forwarding queries creates
hidden dependencies and unnecessary single points of failure. Consult
the list archives for more details.
Mike> 2) Why on earth would my isp make the nameservers
Mike> non-recursive?
Because they don't want to serve recursive clients or bozos who
configure forwarding name servers that point at their servers. It's
also very common these days for authoritative name servers to have
recursion switched off. That can reduce exposure to cache poisoning
and other attacks on name server operations. Some DNS implementations
even seperate authoritative and recursive service into discrete
programs.
BTW, the newsgroup you posted to is gatewayed into a mailing list. It's
very anti-social to use bogus From: headers and unreplyable email
addresses. These aren't even a decent anti-spam measure. So please
don't do it!
More information about the bind-users
mailing list