Split DNS and FAQ

Kevin Darcy kcd at daimlerchrysler.com
Thu Apr 5 21:05:05 UTC 2001


Adam Lang wrote:

> I read this section in the FAQ:

Which FAQ?

> Question 5.22.  DNS in firewalled and private networks
>
> My question is in regards to this part:
>
> "Private DNS - resolves names from DOMAIN.COM for hosts inside the
>   private network. If asked for a name outside DOMAIN.COM, they should
>   forward the request to the public DNS (forwarders line should be used in
>   the boot file).  They should NEVER contact a root DNS on the Internet."
>
> Why is this?  Is it just because you are assuming the public DNS may have a
> cached answer already and it will save query time and bandwidth?

I'm not sure why this FAQ would, at the same time, *universally* recommend
forwarding as a way to resolve Internet names, and also state that one's
nameserver should never contact an Internet root server. If, on the one hand,
one's nameserver has full access to the Internet DNS, then it probably
shouldn't be forwarding at all, but even if it does so for performance
reasons, it should be forwarding in "forward first" mode, in which case it
*may* contact an Internet root server (if the forwarders are down or
unavailable). On the other hand, if one's nameserver lacks full access to the
Internet DNS, it *must* forward in order to resolve Internet names, so the
"should forward" is a moot point. (And the "should NEVER" is a moot point
too, if the nameserver has no access to the Internet root servers).

My guess is that what this FAQ is *really* trying to say is: "if you use
forwarding, don't forward to the Internet root servers", which is certainly a
valid recommendation. If so, then they should reword it.


- Kevin
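The two forwarding modes discussed above, side by side in a BIND 8/9 `named.conf`. This is an added illustration, not part of the original post or of the FAQ being quoted; `example.com` stands in for DOMAIN.COM, the 192.0.2.x addresses are placeholders for the public DNS servers, and the file paths are assumed.

```conf
// Added example (not from the original post or the FAQ): BIND 8/9 named.conf
// for the "private DNS" the FAQ describes. example.com stands in for
// DOMAIN.COM; 192.0.2.x addresses and file paths are placeholders.

options {
    directory "/var/named";

    // Public DNS servers (placeholders) that Internet queries are handed to.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // Case 1: the nameserver HAS full access to the Internet DNS.
    // "forward first" tries the forwarders and, if they are down or do not
    // answer, falls back to normal iterative resolution starting from the
    // root hints. This is the mode Kevin refers to, and in it the server
    // MAY contact an Internet root server.
    forward first;

    // Case 2: the nameserver is behind a firewall with no DNS access to the
    // Internet. Replace the line above with "forward only;" so the server
    // never attempts iterative resolution; a query simply fails when the
    // forwarders are unreachable.
    // forward only;
};

// Root hints are where iterative resolution starts. Under "forward first"
// they are used on fallback; under "forward only" they are never consulted.
zone "." {
    type hint;
    file "named.ca";
};

// Names inside the private domain are answered locally from the internal
// zone file and are never forwarded, whichever forward mode is set.
zone "example.com" {
    type master;
    file "internal/example.com.zone";
};
```

Whichever mode is chosen, the forwarders listed must be the site's public DNS servers, not the Internet root servers themselves; that is the recommendation the FAQ's wording appears to be reaching for. BIND 9 ships `named-checkconf`, which can be run against the file to catch syntax errors before the server is reloaded.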