Why use Forwarders?
Oli Comber
oli at niceltowers.co.uk
Thu Mar 11 16:55:14 UTC 2004
Thanks Bill, and Thanks Jim - some useful info here :0)
On Thu, 2004-03-11 at 16:28, Bill Larson wrote:
> > It makes no difference to me whether I use Forwarders or not - I'm on a
> > small home network, no need for load balancing.
>
> Forwarding doesn't provide "load balancing", or I'm not sure what you
> are referring to.
The kind like you refered to below, with several forwarders caching for
many clients so as not to overload your central server. I was just
trying to stress that this is a _tiny_ setup :0)
> > Why would one want to use a forwarder instead of doing a lookup
> > directly?
>
> What would you do if you were on a network that had a firewall that
> prevented outgoing DNS queries except from a certain set of "allowed"
> DNS servers? You would use forwarding to one of these "allowed"
> servers. These servers should provide quick responses to your queries.
<snip>
> > I'm a bit confused - I don't like things that suddenly start working by
> > magic!
>
> As Jim Reid identified in another followup, it doesn't sound like you
> have to use forwarding in your situation so why even fight with trying
> to configure it.
I'm a bit of a newbie, I started off with a 'caching nameserver'
example, read about, and built up from there. All the examples seem to
use forwarders, and I didn't realise till now that they were considered
a Bad Idea unless you have a specific need. Now I've learnt a bit more
about the whole thing, I'm wondering why you would even build a simple
caching-only nameserver to use forwarders, expecially given the speedup
I've seen since changing it to do direct lookups..?
> I would suggest that you configure your server to limit it's ability to
> provide recursive DNS service for the whole world. I'm sure that
> someone will argue with this statement, but this is a generally
> accepted "best practice". My opinion is that everyone should already
> have access to some DNS server as provided by their ISP. If their ISP
> doesn't provide this service for them, then they should know how to
> provide it themselves. Generally, people that make use of someone
> else's DNS services for general purpose use are people that are up to
> no good. Again, my opinion only.
You'll be pleased to hear noone can see my DNS server through my
firewall. A cheat, I know :0)
Thanks,
-Oli
More information about the bind-users
mailing list