Root Servers and Forwaders ?

Michael Voight mvoight at cisco.com
Wed Mar 1 15:21:43 UTC 2000 


Rahul Parasnis wrote:
> 
> >YES.. If you can reach the internet from this machine.
> And If they can't reach internet because they are not allowed, and I have
> mentioned only one or two root Servers
> which are the Root Servers for intranet domain then........ what should I
> specify as forwarders address ?
> My confusion lies here ...
> The Queried record (giri.gbrmpa.gov.au)  is not in my cache then I will
> query to the root Server .
> Even if
> a. I have specified the forwarders statement ( NOT Forward only but sending
> recursive query to forwarder)
> b. I have not specified the forwarder statement.

You NEVER use the root server if you are using forwarders and slave mode
(options forward only)

If you do not use slave/options forward only, then you will go to the
root servers if the forwarders do not respond fast enough

If you do not specify a forwarder, then you will go to the root servers.

Note: You would only go to the root server if you do not have an NS
record for the domain you are looking for. Also, once you get the NS
records for .au, you would not go back to root until they expire.

Have you read the DNS & BIND section on forwarders? It is quite
descriptive.

> 
> Secondly
>  If I have a DNS Server running on Firewall Can I specify this Server's IP
> address in forwarders ( Not forward only )?
> will I be able to resolv intranet as well as internet Names ?

No.. If you specify the forwarder, you will NOT go to you internal root
server unless you make an exception for the internal zones (not possible
in bind version 4) or are the authoritative server  for the internal
zones. I believe in BIND 8, you can do this. I am not a BIND 8 expert. I
support a non-bind DNS and am most familiar with BIND 4.

>
> 
> Same question here again , Your first guess is B could be a Forwarder .
> Does it mean that when I specify following statement in my named.conf file
>  forwarders { 199.103.103.8; } ;
> 
> this DNS Server will ask first a recursive query to this 'forwarder' and then
> it will query the root server specified in the hints file.
> Am I right or wrong ?

Wrong. Once you asked the forwarder, the forwarder is responsible for
getting a final answer back to the first nameserver. Root is only
queried is the forwarder doesn't reply, unless you have set slave mode.
With slave mode, you never query the root servers.

Michael

More information about the bind-users mailing list