Arguments for/against use of forwarders{}?
Len Conrad
LConrad at Go2France.com
Sun May 20 14:20:21 UTC 2001
> If you forward, you depend on whatever you forward to be always
> available to answer queries. If the target(s) of those forwarded
> queries die or misbehave or get renumbered or have their configuration
> changed, you lose.
ok, that assumes the forwarder is not chez vous.
So let´s assume the forwarder IS local in our local DMZ as a bastion DNS,
taking queries from one or more DNS´s inside the inner firewall, keeping
DNS queries through the inner firewall to recursive only.
Single point of failure, sure, but it´s local.
What´s the argument against that config? Seems to me to be one of the more
acceptable uses of forwarding.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.3 "NT3" for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
More information about the bind-users
mailing list