Internal roots and forwarding.

[Kevin Darcy]

Cricket Liu wrote:

> > The following is a quote from an earlier post:
> >
> > "While specifics vary, the key thing to keep in mind is that
> > forwarders and internal roots are mutually exclusive configurations.
> > A root server believes it is authoritative for anything
> > (either directly or with a delegation).  There is no
> > such thing as a better server (forwarder).  If your current
> > setup revolves around forwarders, a change to internal roots will
> > likely impact a lot more than just the DNS."
> >
> > Is this the case?  We would like to forward requests for specific external
> > zones to an internet aware name server.  We are using internal root
> servers.
> > Is this possible?  I have tried creating some forward only zones on the
> > 8.2.1 servers but it doesn't appear to work.
> >
> > I guess I'm looking for a 3rd opinion.
>
> Well, this is hardly a third opinion, because I think someone from Acme
> Byte & Wire posted the snippet you quoted, but yes, it's correct.
> Forwarding and internal root name servers are mutually exclusive.  One
> very fundamental problem is that, with forwarders configured, you send
> your system query to your forwarder, not a root name server.
> Consequently, you end up with the list of Internet root name servers,
> not your internal root name servers, and you can't reach the Internet
> root name servers.

I'm confused: why would the forwarder ever send back a list of Internet roots
if it's only being *selectively* forwarded to, i.e. no root queries? Even if
I selectively forward for a domain that doesn't exist (which I would consider a
configuration error), I don't get a list of Internet roots in the
NXDOMAIN response; I get an SOA. This may pollute my cache somewhat, but it
doesn't interfere with the use of my internal root nameservers for everything
else. What am I missing?


- Kevin