Forward Zone

Michael Colterman mcolterm at nortelnetworks.com
Wed Nov 8 13:29:42 UTC 2000


I understand forwarding in say the type master zone, but what is the purpose
of it in a type forward zone?  Doesn't a forward zone just forward
everything?  If so, what is the need for the forward (first | only) option?
I am just looking at this for a forward zone.

Syntax for a forward zone is defined as the following:

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
};

Cheers,

Mike

-----Original Message-----
From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
Sent: Monday, November 06, 2000 8:31 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Forward Zone



Michael Colterman wrote:

> I did a quick browse through some archives and haven't been able to find the
> answer to my question so I'll try here now.
>
> If you have a forward zone what would be the purpose or benefit of having
> the option forward (only | first) defined?  From the documentation I have
> with BIND 8.2.3 it says "The only value causes the lookup to fail after
> trying the forwarders and getting no answer, while first would allow a
> normal lookup to be tried."  Having first wouldn't allow a normal update
> because it is a forward zone, right?
>
> I am not understanding the need for these options in a forward zone.

I like to refer to "forward first" as "opportunistic" forwarding. It will
try the forwarders, but if that doesn't work, fall back to regular iterative
(i.e. non-forwarding) mechanisms for resolving the query. Opportunistic
forwarding is appropriate in cases where you are forwarding only as a
performance optimization, i.e. you have one or more central machines on your
local network building up a large cache of query responses and answering
more quickly to other local nodes, than the remote, authoritative
nameservers themselves typically would. The thing to remember about
opportunistic forwarding is that you should never get a fundamentally
*different* answer from the forwarder (notwithstanding change-propagation
delays) than you would if you went out and asked the authoritative
nameservers themselves. Opportunistic forwarding is just a way of
(hopefully) getting the same data *faster* than if forwarding were not used
at all.

"forward only", on the other hand, is "strict" forwarding. *ONLY* the
forwarders are used. This is appropriate when you are using forwarding to
get around some sort of connectivity issue (most commonly, you want internal
machines to be able to resolve Internet names for some reason), or, when
used on a per-domain basis, you want to "redirect" queries in a particular
domain to a specific set of nameservers because they possess a "special"
version of the domain in a split-DNS scenario. Strict forwarding allows you
to resolve queries that you ordinarily wouldn't be able to resolve at all
because of connectivity issues, or, if you could, to get fundamentally
different answers than you would get in the absence of forwarding. Note that
"slave" or "stub" zones are an alternative to forwarding in the latter
(redirection) case, but you may need to specify "forwarders { }" in the zone
definition to inhibit any global forwarding that may otherwise apply to
names in subzones of that zone.


- Kevin
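
The three cases described in the reply above, laid out as one named.conf
fragment. This is an added example, not configuration from either poster;
the zone names, file path and all addresses are constructed placeholders.

```conf
// Added illustration; every name and address below is a placeholder.

options {
    directory "/var/named";

    // Opportunistic forwarding as a cache optimization: try the central
    // caching servers first, then fall back to normal iterative
    // resolution if they give no answer. The answer should be the same
    // either way, only (hopefully) faster.
    forward first;
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Strict per-domain forwarding for a split-DNS domain. The internal
// servers hold the "special" version of corp.example, so an iterative
// lookup would return a fundamentally different answer. With
// "forward only" the lookup fails when the forwarders give no answer,
// instead of falling back to iterative resolution, which would also
// send queries for internal names out to external servers.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; 10.0.1.53; };
};

// Redirection with a stub zone instead of a forward zone. The empty
// forwarders list switches off the global forwarding from the options
// block for this zone, so names in its subzones are resolved by
// following the delegations rather than being sent to 192.0.2.10/11.
zone "lab.example" {
    type stub;
    masters { 10.0.2.53; };
    file "stub/lab.example";
    forwarders { };
};
```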





