named.conf "option forwarder" vs. resolv.conf "nameserver"?

Kevin Oberman oberman at es.net
Mon Jun 14 20:57:17 UTC 1999


swsnyder at home.com ("Steve Snyder") writes:

> Can someone explain to this DNS/BIND newbie the functional distinction 
> between the "options forwarder" in named.conf and the "nameserver" in 
> resolv.conf?
> 
> To me, they sound like they act identically: if a name cannot be resolved 
> locally, the specified remote host is called upon to do the resolution.

Different definitions of terms and very different parts of the domain
name system.

An entry in resolv.conf determines where the resolver on the local
system will go to get DNS information. It goes there unconditionally
and it is up to the system(s) listed to resolve the name (or other
information requested). This is a totally local operation.

Use of a forwarder option in named.conf affects all queries to a given
nameserver, regardless of source, as it affects the server and not the
client. It also allows for queries to be resolved from cache so that
repeated queries for the same information can be processed more
quickly and with no further network access.

> I currently have my RedHat v6.0 system (/w BIND v8.2) configured with the
> addresses of 2 nameservers in /etc/named.conf.  If a name can't be resolved
> from my local cache, the request for resolution is forwarded to either the
> primary or secondary nameserver of my ISP, both listed in /etc/resolv.conf.
> I'm wondering, though, if there would be any advantage in having the
> addresses of those nameservers in "options forward" statements.  Would
> there?

Probably not. The major advantages of a forwarder are:
1. Because of a firewall, the local nameserver can't contact the
greater Internet for name resolution, but it can contact another
system which can.

2. A significant percentage of the names queried are served by the
system you forward the requests to. That can also help performance by
eliminating any further calls to other DNS systems.

An example is a Linux system running DNS, but not authoritative for
the local domains. It can have an authoritative server (or servers)
set up to handle queries so that queries for local domain names will
not have to ever go any further.

You also refer to "local cache". There is no such thing. When the
local system queries for a name, it gets back the answer, returns it to 
the calling program, and exits without saving anything. A server DOES
cache responses.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest Orlando Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net				Phone: +1 510 486-8634
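
The two mechanisms discussed in this message, shown side by side as an added example that is not part of the original post. The 192.0.2.x addresses are placeholders standing in for the ISP's nameservers, and case B assumes named is running on the same host and listening on 127.0.0.1.

```conf
# ---- /etc/resolv.conf, case A: resolver only, no local named ----
# The stub resolver sends every lookup straight to these servers
# and keeps nothing once the answer is handed to the calling program.
nameserver 192.0.2.1
nameserver 192.0.2.2

# ---- /etc/resolv.conf, case B: resolver asks the local named ----
# (replaces the case A lines; the resolver no longer knows about the ISP)
nameserver 127.0.0.1

# ---- /etc/named.conf, used together with case B ----
options {
    # Queries named cannot answer from its own zones or cache are
    # passed to these servers. This applies to every client that
    # queries this named, not only to programs on this host.
    forwarders { 192.0.2.1; 192.0.2.2; };

    # Default behaviour is "forward first": if the forwarders do not
    # answer, named resolves the name itself. Where a firewall blocks
    # that path (advantage 1 in the message), uncomment:
    # forward only;
};
```

In case B, repeated lookups are answered from named's cache; in case A, every lookup goes over the network to the listed servers.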


