How to use forwarders

Mike Himes mrh at hrb.com
Tue Jul 18 20:09:32 UTC 2000


Since I have been trying to figure out why my forwarding is not working
correctly, I guess now is the time to jump in.
 
> Forwarding name servers come in two flavours: dumb and dumber. Dumb
> ones send queries to the addresses listed as forwarders. If no answer
> comes back, they will eventually try to resolve the query for
> themselves. This is tolerable, but of dubious merit. If the server was
> able to resolve the query for itself, why not let it do that from the
> outset? Dumber name servers just query the servers in their
> forwarders list. If none of them respond, the lookup fails.

I guess I have a DUMB one.


 
> Most of the time, forwarding name servers can be avoided. [And IMHO
> that's usually what should be done: don't forward unless it's *really*
> necessary.] There are circumstances where they are a necessary evil
> however. For instance when hosts on a private net need to resolve
> internet names and addresses and only selected name servers are
> allowed to make external queries, other internal name servers would
> need to forward queries to those selected servers.
> 

or if the domain name for your company has changed 3 times in the past 3
years...  Merging with three other companies at the same time.

> Another argument for forwarding is that it allows name servers to
> forward queries to servers who build up a huge cache. This is true,
> but probably isn't relevant any more. In the days when sites had slow
> pipes to the Internet, saving even a few packets' worth of traffic
> made sense. The cost of the extra lookups by not forwarding is
> probably more than compensated by having name servers that can
> function autonomously. Those name servers would not be dependent on an
> artificial single point of failure if they had to forward queries to
> one or two central name servers.

This is the scenario.  I have a local DNS master server.  I also have an
Internet server NS1.  On the corp lan I have Corp DNS server.  To keep
it simple I will leave out the others.  

Here is a snipped-down version of named.conf:

options {
//  forward to NS1 for internet DNS
        forwarders {
                192.68.227.70;
        };
};

zone "." in {
        type hint;
        file "MULTINET:DNS.CACHE";
};

zone "mydomain.com" in {
        type master;
        file "DNS.db";
};

zone "legacycompanyA.com" in {
        type forward;
        forward only;
        forwarders {
                138.127.160.101;
        };
};

zone "legacycompanyb.com" in {
        type forward;
        forward only;
        forwarders {
                192.168.2.250;
        };
};

zone "corp.com" in {
        type forward;
        forward only;
        forwarders {
                155.157.160.101;
        };
};

For some reason the server will not forward requests out to the
different zones. It only chooses the Options forward statement, never
tries to forward to the correct DNS zone statement.

For example, if I do an nslookup www.corp.com, it will forward the packet
to my internet DNS server and not the corp.com DNS server.  Why?  Must I
remove the options statement, and if I do, how do I get internet DNS
service through the firewall?

thanks,
	-mike
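
Added example, not part of the original post: a Python sketch that reads a named.conf like the one above and reports where the configuration intends a query name to go, so the result can be compared with where the packets are actually seen going. It assumes the most specific matching zone statement overrides the global forwarders (the documented BIND 9 behaviour for forward zones); the function names and the condensed sample configuration are constructed here.

```python
import re

# Constructed sample: the statements from the post, condensed onto fewer lines.
SAMPLE_CONF = '''
options {
//  forward to NS1 for internet DNS
       forwarders { 192.68.227.70; };
};
zone "." in { type hint; file "MULTINET:DNS.CACHE"; };
zone "mydomain.com" in { type master; file "DNS.db"; };
zone "legacycompanyA.com" in { type forward; forward only;
        forwarders { 138.127.160.101; }; };
zone "corp.com" in { type forward; forward only;
        forwarders { 155.157.160.101; }; };
'''

# Body of a {...} statement that may contain one nested {...} (e.g. forwarders).
BODY = r'\{((?:[^{}]|\{[^{}]*\})*)\}'

def _forwarders(body):
    """Addresses in a forwarders { ... } clause, or [] if there is none."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    return [a.strip() for a in m.group(1).split(';') if a.strip()] if m else []

def parse(conf):
    """Return (global_forwarders, {zone_name: (zone_type, forwarders)})."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    opts = re.search(r'\boptions\s*' + BODY, conf)
    zones = {}
    for name, body in re.findall(r'\bzone\s+"([^"]+)"[^{]*' + BODY, conf):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        # DNS names compare case-insensitively; drop any trailing dot.
        zones[name.lower().rstrip('.')] = (ztype and ztype.group(1), _forwarders(body))
    return (_forwarders(opts.group(1)) if opts else []), zones

def expected_target(qname, conf=SAMPLE_CONF):
    """(how, zone, servers) intended for qname. Assumption: most specific zone wins."""
    global_fwd, zones = parse(conf)
    labels = qname.lower().rstrip('.').split('.')
    for i in range(len(labels)):
        zone = '.'.join(labels[i:])
        ztype, fwd = zones.get(zone, (None, []))
        if ztype == 'forward' and fwd:
            return ('zone-forwarders', zone, fwd)
        if ztype in ('master', 'slave'):
            return ('local-zone', zone, [])
    return ('global-forwarders', '.', global_fwd)
```

Calling expected_target('www.corp.com') on the sample gives the corp.com forwarder; a packet capture showing that query going to the options forwarder instead means the server is not applying the zone statement.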

