How to use forwarders

Jim Reid jim at rfc1035.com
Tue Jul 18 14:10:58 UTC 2000


>>>>> "George" == George Lewis <GLEWIS at fcc.gov> writes:

    George> Hi, Just a general question about forwarders. I'm not sure
    George> I understand when or why you define forwarders. If a
    George> forwarder is defined on a server does it mean that that
    George> server will not attempt to resolve the address but
    George> instead will forward it on for resolution, or is it used
    George> to define servers to go to when it can't resolve an
    George> address? 

Either your server gets an answer to its questions or it doesn't.
There's no mechanism in the DNS protocol that allows conditional
processing of an answer. The same goes for implementations. AFAIK,
nobody has a name server that allows you to configure things like "if
name server foobar gives me answer foo when I query for bar, query
server fubar for foobar". [NB: I'm not talking about referrals here.] 

Forwarding name servers come in two flavours: dumb and dumber. Dumb
ones send queries to the addresses listed as forwarders. If no answer
comes back, they will eventually try to resolve the query for
themselves. This is tolerable, but of dubious merit. If the server was
able to resolve the query for itself, why not let it do that from the
outset? Dumber name servers just query the servers in their
forwarders list. If none of them respond, the lookup fails.

Most of the time, forwarding name servers can be avoided. [And IMHO
that's usually what should be done: don't forward unless it's *really*
necessary.] There are circumstances where they are a necessary evil,
however. For instance, when hosts on a private net need to resolve
internet names and addresses and only selected name servers are
allowed to make external queries, other internal name servers would
need to forward queries to those selected servers.

Another argument for forwarding is that it allows name servers to
forward queries to servers who build up a huge cache. This is true,
but probably isn't relevant any more. In the days when sites had slow
pipes to the Internet, saving even a few packets' worth of traffic
made sense. The cost of the extra lookups by not forwarding is
probably more than compensated by having name servers that can
function autonomously. Those name servers would not be dependent on an
artificial single point of failure if they had to forward queries to
one or two central name servers.
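
The two behaviours described in the message above correspond to BIND's "forward first" and "forward only" options. The following named.conf fragment is an added example, not part of the original post, for an internal server on a private net; the addresses (documentation range 192.0.2.0/24) and the zone name corp.example are constructed placeholders.

```conf
// Added example, not from the original post.
// All addresses and zone names below are constructed placeholders.

options {
    // The selected name servers that are allowed to make external queries.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // "Dumber" mode: query only the servers in the forwarders list.
    // If none of them respond, the lookup fails. Use this when the
    // host has no route for external queries of its own.
    forward only;

    // "Dumb" mode (BIND's default once forwarders are set): query the
    // forwarders, and if no answer comes back, try to resolve the
    // query directly. Enable this instead of "forward only" if wanted.
    // forward first;
};

// A zone this server is authoritative for. The empty forwarders list
// turns forwarding off for names under this zone, so lookups for
// delegated subdomains follow the delegation instead of leaving via
// the forwarders.
zone "corp.example" {
    type master;
    file "corp.example.db";
    forwarders { };
};
```

Running named-checkconf on the file catches syntax errors before named is reloaded.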


