Why use Forwarders?

Oli Comber oli at niceltowers.co.uk
Thu Mar 11 16:55:14 UTC 2004


Thanks Bill, and Thanks Jim - some useful info here :0)

On Thu, 2004-03-11 at 16:28, Bill Larson wrote:

> > It makes no difference to me whether I use Forwarders or not - I'm on a
> > small home network, no need for load balancing.
> 
> Forwarding doesn't provide "load balancing", or I'm not sure what you 
> are referring to.

The kind like you referred to below, with several forwarders caching for
many clients so as not to overload your central server.  I was just
trying to stress that this is a _tiny_ setup :0)

> > Why would one want to use a forwarder instead of doing a lookup
> > directly?
> 
> What would you do if you were on a network that had a firewall that 
> prevented outgoing DNS queries except from a certain set of "allowed" 
> DNS servers?  You would use forwarding to one of these "allowed" 
> servers. These servers should provide quick responses to your queries.

<snip>

> > I'm a bit confused - I don't like things that suddenly start working by
> > magic!
> 
> As Jim Reid identified in another followup, it doesn't sound like you 
> have to use forwarding in your situation so why even fight with trying 
> to configure it.

I'm a bit of a newbie, I started off with a 'caching nameserver'
example, read about, and built up from there.  All the examples seem to
use forwarders, and I didn't realise till now that they were considered
a Bad Idea unless you have a specific need.  Now I've learnt a bit more
about the whole thing, I'm wondering why you would even build a simple
caching-only nameserver to use forwarders, especially given the speedup
I've seen since changing it to do direct lookups..?

> I would suggest that you configure your server to limit its ability to 
> provide recursive DNS service for the whole world.  I'm sure that 
> someone will argue with this statement, but this is a generally 
> accepted "best practice".  My opinion is that everyone should already 
> have access to some DNS server as provided by their ISP.  If their ISP 
> doesn't provide this service for them, then they should know how to 
> provide it themselves.  Generally, people that make use of someone 
> else's DNS services for general purpose use are people that are up to 
> no good.  Again, my opinion only.

You'll be pleased to hear no one can see my DNS server through my
firewall.  A cheat, I know :0)

Thanks,
-Oli
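
A caching-only BIND 9 configuration of the kind discussed in this thread, added here as an illustration and not taken from any poster's setup: it does direct lookups (no forwarders) and limits recursion to the local network instead of relying on the firewall alone. The ACL name "homenet", the 192.168.1.0/24 range, the file paths and the 192.0.2.53 placeholder are assumptions.

```conf
// named.conf fragment (BIND 9) - constructed example, not from the thread
acl "homenet" {
    127.0.0.1;
    192.168.1.0/24;              // assumed LAN range
};

options {
    directory "/var/named";      // assumed working directory

    // Answer recursive queries only for local clients, so the server
    // is not an open resolver even if a firewall rule is later relaxed.
    recursion yes;
    allow-recursion { "homenet"; };
    allow-query     { "homenet"; };

    // No "forwarders" statement: named resolves iteratively,
    // starting from the root hints below.
    //
    // Only where a firewall permits outgoing DNS solely through
    // designated servers would forwarding be needed:
    // forwarders { 192.0.2.53; };   // placeholder address
    // forward only;
};

zone "." {
    type hint;
    file "named.ca";             // assumed name of the root hints file
};
```

Running `named-checkconf` against the file validates the syntax before named is reloaded.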



More information about the bind-users mailing list