forwarders is ingored without "forward only"

[Kevin Darcy]

If the nameserver doesn't "prime" properly, i.e if it doesn't get a good
response from its initial query of the root zone, then it continually tries
to "re-prime" whenever it gets a query, even if it uses a forwarder to
resolve that query. The moral of the story is that if you have no direct
connectivity to the Internet, yet still want to resolve Internet names,
then you have to use "forward only"; "forward first" is not a reasonable
option in that situation. With "forward only" there is no iterative
fallback so the priming operation is peformed _through_ the forwarders
(technically it shouldn't need to prime at all in "forward only" mode, but
I am assured priming is still necessary because of BIND 8's architecture --
hopefully this requirement is absent from BIND 9).

"Forward first" is only appropriate as a performance enhancement, where
your connection to a high-capacity, reliable local nameserver or set of
nameservers is very fast compared to your Internet connectivity, and those
local nameservers are getting hit by enough clients and enough different
queries on a regular basis that your cache hit ratio is high. If those
conditions don't obtain, then "forward only" can actually hurt your overall
performance by adding an extra "hop" and associated processing time on the
remote server, to some of your query resolutions.


- Kevin

jackson_mars at my-deja.com wrote:

> I want to use forwarders, but this only seems to works with "forward
> only" set.
>
> I have been running tcpdump and found that the host queries some root
> nameservers first before it queries the fowarder.  If I set "forward
> only" then it queries the forwarder (I am testing and only have one just
> now), and this works fine.
>
> Why does it try the fowarder last ?
>
> Thanks...JM
>
> Sent via Deja.com
> http://www.deja.com/