Name resolution follows forwarders instead of delegations on master server
Cathy Almond
cathya at isc.org
Wed Jan 27 11:48:42 UTC 2010
Taylor, Gord wrote:
> I've noticed that if I have default forwarders setup in the options
> section of my named.conf, then BIND (9.4.1-P1) will forward to these
> servers rather than following the delegations for zones where it's
> authoritative (verified via sniffer trace). Is this true of all BIND
> versions?
Yes (at least anything reasonably recent).
> In my case, the forwarders in the options section are in my primary data
> centre which is authoritative for all of our internal zones, and the
> config below exists in one our geographical data centers (overseas),
> which is master only a subset of the zones. Since the delegation is to a
> local F5 GTM in that same geographical datacenters, I really don't want
> everything coming back across the WAN, only to be delegated back across
> the WAN again (lots of inefficiencies). I've found that putting an empty
> forwarders statement in the zone config (e.g. forwarders { };) prevents
> following the default forwarders, so I have a workaround for now.
This isn't a workaround, it's the correct configuration to ensure that
resolution follows the delegation to the subdomain servers instead of
using global forwarding.
> This behavior seems a little counter-intuitive to me and never caused me
> any problems until recently. So I wanted to know if this behavior was
> consistent across all BIND versions, or if it only happened recently due
> to our BIND version upgrade last year (9.4.1-P1). I'm looking at another
> code upgrade shortly, so want to ensure no surprises...
>
> Any help/clarification is appreciated
You shouldn't get any new surprises relating to forwarding on your next
upgrade :-)
Cathy
More information about the bind-users
mailing list