hint file versus forwarded

Kevin Darcy kcd at daimlerchrysler.com
Thu May 9 22:38:37 UTC 2002


Barry Margolin wrote:

> In article <abes1e$b8e8$1 at isrv4.isc.org>,
> Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
> >
> >Armin Safarians wrote:
> >
> >> Hello all, I have a quick question for you all.
> >>
> >> We have two levels of DNS: internal and external. Today we forward any
> >> queries that are not known by the internal DNS servers to the external
> >> DNS servers and they point to the root servers with the hint file for
> >> internet queries.
> >>
> >> The question is how is that different/better/worse than having the hint
> >> file on the internal server point to the external DNS?
> >> Hint file versus forwarders.
> >
> >When is forwarding *ever* desirable, when direct connectivity is
> >available? The same arguments against forwarding apply here as in any
> >other context. Search the archives for my previous diatribes against
> >forwarding.
>
> I don't think your response is appropriate, since it sounds like his
> internal servers don't have direct connectivity.  The firewall only allows
> them to connect to the external servers.

I interpreted "hav[e] the hint file [...] point to the external DNS" as "open up
the firewall to allow access to the Internet DNS and put the Internet root servers
in the hints file".

But, you're right, the OP could just as easily have meant "put the names/addresses
of the external nameservers (which are currently being used as forwarders) into
the hints file", which of course wouldn't work.


- Kevin




