Master zone with forwarding. Yes/no .. better method

Kevin Darcy kcd at daimlerchrysler.com
Thu Apr 18 22:51:46 UTC 2002


I think you have a basic misunderstanding of zone types. "master" means
that you load the entire zone contents from some source outside of the
DNS protocol (historically this is a manually-maintained zone file).
"forwarding" means that you have no innate knowledge of the zone
contents, and must therefore query a specific server or set of servers to
learn anything about the zone. As you can see, these types are
fundamentally incompatible. True, the "forwarders" substatement is
syntactically legal in the definition of a "master" zone, but as Mark
pointed out, this is really only intended to affect the behavior of
queries in sub-zones; not queries for names in the defined zone itself.
So it doesn't accomplish what you appear to want it to.

Before recommending an alternative zone type, I would advise you to look
a little further into *why* your performance is bad to begin with. If
your performance is bad because your forwarder is overloaded, or your
network connectivity to the forwarder is unreliable, then maybe the
simple solution is to just add more forwarders, assuming that multiple
nameservers of the zone are reachable. Another approach which
more-or-less accomplishes the same thing is to define the zone as type
"stub", the main difference being that "stub" zones send queries to only
the *published* nameservers for the zone (which it keeps track of using a
minimal form of zone replication), whereas forwarding sends queries to an
arbitrary forwarder or set of forwarders that you explicitly configure in
named.conf. If your nameserver has more servers to choose from, the load
will be spread out between remote nameservers and, depending on your
version of BIND, named may actually be smart enough to home in adaptively
on the *fastest* nameservers/forwarders: reliability and performance
should improve.

If *all* of the available forwarders or published nameservers for the
zone are slow and/or unreliable, then your only reasonable recourse may
be the "classical" approach of making yourself a slave for the zone. But
be aware of the following caveats to slaving: a) if the master restricts
zone transfers, your nameserver may have to be explicitly authorized to
perform the zone transfers upon which slaving relies, b) depending on a
variety of factors (size of zone, frequency of change, whether or not the
master and slave are using IXFR (incremental zone transfer)), zone
replication can consume a significant amount of computer and network
resources, on the master and/or the slave and/or everything in between,
c) you may need to have the admin of the master server add your
nameserver to an "also-notify" clause (or the non-BIND equivalent) if you
want timely propagation of changes to the zone (note that
"also-notify" may exacerbate the resource problems mentioned in (b) above
-- there's often a tradeoff to be made between speed-of-propagation and
conservation-of-resources).


- Kevin

Derek Caines wrote:

> Hi Guys:
> We are connected to a private vendor's network. To access host files on
> their network we previously only used a forward zone type. Recently
> however performance has suffered and it was suggested that we get a
> copy of their zone file.
> This was done so I have configured the zone "example.com" as a master.
> (below)
>
> zone "example.com" IN {
>      type master;
>      file "example";
>
>      forwarders { x.x.x.x; };
>      forward only;
> };
>
> Q: We recognize that we may not have a complete listing of all
> machines we need to get to. Does it make sense or does it even work to
> use the forward statement to resolve these names not in the master
> list? (as shown above)
> Is there a better solution here?
>
> Thanks
> Derek C
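
The alternatives discussed in the reply above, written out as named.conf fragments. This is an added example, not configuration from either poster; the addresses (documentation ranges), the file names and the use of BIND 9 syntax are assumptions.

```conf
// Constructed example. 192.0.2.1 and 192.0.2.2 stand in for the vendor's
// nameservers, 198.51.100.53 for the local nameserver.
// Options 1-3 are alternatives: define the zone only once.

// Option 1: forward zone with more than one forwarder to choose from.
zone "example.com" IN {
    type forward;
    forward only;
    forwarders { 192.0.2.1; 192.0.2.2; };
};

// Option 2: stub zone. named keeps only the zone's NS data (fetched from
// the listed masters) and sends queries to those published nameservers.
// zone "example.com" IN {
//     type stub;
//     masters { 192.0.2.1; };
//     file "stub.example.com";
// };

// Option 3: slave zone. The whole zone is replicated by zone transfer,
// so names are answered locally.
// zone "example.com" IN {
//     type slave;
//     masters { 192.0.2.1; };
//     file "slave.example.com";
// };

// For option 3, the matching statements in the vendor's named.conf
// (caveats a and c in the reply): authorize the transfer for this one
// address only, and send it NOTIFY messages when the zone changes.
// zone "example.com" IN {
//     type master;
//     file "example";
//     allow-transfer { 198.51.100.53; };
//     also-notify { 198.51.100.53; };
// };
```

Running `named-checkconf` after editing catches a zone that has been defined twice or given a statement its type does not accept.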


