Difference between delegation and "conditional forward".

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 21 22:26:50 UTC 2000


Soraya Hassanaly wrote:

> Hi all,
> I would like to know the real difference between the delegation mechanism and the
> "conditional forward", which I have only heard about.

True _conditional_ forwarding doesn't exist yet, but you can define a zone
-- actually a domain -- in your nameserver to be of type "forward";
sometimes zone-specific forwarding is referred to as "selective" forwarding,
to distinguish it from "default" or "global" forwarding. Any query your
nameserver gets in a type "forward" zone will be forwarded to some other
nameserver you specify, or to a list of forwarders. There are two
variations: "forward first", as the name suggests, first sends the query to
the forwarder(s), and if that doesn't work, falls back to the normal,
non-forwarding mechanisms; "forward only" will rely completely on the
forwarder(s). "Forward first" is usually just an optimization, i.e. to build
up a rich cache on a set of central servers on a large and/or diverse
network to improve query times, whereas "forward only" is usually employed
to circumvent intractable connectivity issues.

A delegation is somewhat different. Rather than being something you define
in your nameserver's config file, it's something contained in the DNS
database itself, so instead of just telling individual nameservers where
they should send queries for a zone, a delegation tells *everyone* where
they should send queries for the zone. Obviously this is more scalable,
especially on the Internet where it is not feasible for everyone to define
forwarders for every zone. Additionally, nameservers which use delegations
and referrals have an advantage over their forwarding counterparts in that
they can optimize their query patterns better and deal more reasonably with
remote nameserver failures and/or various types of congestion. A nameserver
which just forwards to another nameserver is heavily dependent on the
speed/availability/capacity of that nameserver, and that of the path between
them.

If you have a choice, always use delegations, and then, if you need to
optimize, "forward first". "Forward only" is usually only appropriate if you
can't directly access the nameservers for the zones containing the names
you're trying to resolve. Note that there's no problem delegating a zone and
also defining it as type forward -- in either flavor -- on various
nameservers: those forwarding nameservers will effectively ignore the
delegations (except when "forward first" is in fallback mode), but all the
other, non-forwarding nameservers will still use them productively.

Note, however, that if you use *global* (non-zone-specific) forwarding,
where the forwarder has visibility to an external root zone, e.g. the
Internet root, you currently can't also use a regular
delegation/referral-based internal-root architecture, because of a fixable
bug in named. In that case, you're stuck explicitly defining all of the
domains that you don't want sent to the global forwarder(s) as
master/slave/stub/forward zones (the type forward zone would point to a
different forwarder, of course). Ick.


- Kevin
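
Added example, not part of the original post: the forwarding variants described above written as BIND named.conf statements, with the equivalent delegation shown in comments for contrast. All zone names and addresses are constructed placeholders taken from the documentation ranges.

```conf
// named.conf fragments (constructed example; names and addresses are
// placeholders, not values from the original post).

// Global ("default") forwarding: applies to every query that is not
// covered by a more specific zone statement below.
options {
    forward first;
    forwarders { 203.0.113.1; };
};

// Zone-specific ("selective") forwarding, "forward first": send queries
// for this domain to the forwarders, and fall back to the normal
// non-forwarding resolution if they do not answer.
zone "corp.example.com" {
    type forward;
    forward first;
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// "forward only": rely completely on the forwarders. This fits the case
// where this server cannot reach the zone's own nameservers directly.
zone "partner.example.net" {
    type forward;
    forward only;
    forwarders { 198.51.100.10; };
};

// For contrast, a delegation is not configured in named.conf at all.
// It lives in the parent zone's data, so every nameserver that follows
// referrals sees it. In the example.com zone file it would read:
//
//   corp.example.com.      IN NS  ns1.corp.example.com.
//   corp.example.com.      IN NS  ns2.corp.example.com.
//   ns1.corp.example.com.  IN A   192.0.2.53   ; glue
//   ns2.corp.example.com.  IN A   192.0.2.54   ; glue
```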





More information about the bind-users mailing list