Again: forwarders{} and delegation in zone behavior

Dmitry E Gouriev gouriev at icenet.ru
Tue Dec 20 23:50:56 UTC 2005 

Hello, here is a surprised newbie question.

Thank you for explanations.

We all understand that FORWARDING takes precedence
over USAGE OF DELEGATION RECORDS, unless
explicitely specified by empty forwarders{} in zone{},
missing global forwarders in options{}, etc.

However we (at least I) do not understand WHY.
Ignoring known delegation records and querying
major servers is a preferred default behaviour ?

Does anybody know is this actualy good way and
why it is better ?

Thank you,
Dmitry

-----History:

<cite>

List:       bind-users
Subject:    Re: forwarders{} and delegation in zone behavior.
From:       Barry Margolin <barmar () alum ! mit ! edu>
Date:       2004-05-05 17:32:32
Message-ID: barmar-8B8C15.13323205052004 () comcast ! ash ! giganews ! com
[Download message RAW]

In article <c7b6ui$ue7$1 at sf1.isc.org>,
 "William Stacey" <staceyw at mvps.org> wrote:

> If you have a "forwarders { 1.1.1.1 }" statement in your options, you need
a
> "forwarders {}" in a zone to override the global forwarders to follow NS
> delegations in that zone instead of using global forwarders (I think).  I
am
> unclear how to jive that with the 1034 basic algorithm for a rd query.
> Assuming you have an auth zone configured (e.g. domaina.com), should not
> step 1 find the qName in domaina.com or in any delegations and return
result
> or nxdomain even before it would try forwarding logic?  Or how might you
> clear up algorithm below (for my understanding) to include the forwarders
> behavior - maybe it is in there and I do not see it.  Thank you for your
> insight.

It's part of the "find the best servers to ask" step.  Without
forwarders configured, it uses the best-matching NS records.  When
forwarders are configured, it sends to them instead.  When you have a
global forwarders configured, and then override it with an empty
forwarders list for that zone, it causes it to go back to the normal
search algorithm for names in that domain.  If the name is in a
delegated subdomain, it will follow the NS records in the delegation.

>
> "5.3.3. Algorithm
>
> The top level algorithm has four steps:
>
>    1. See if the answer is in local information, and if so return
>       it to the client.
>
>    2. Find the best servers to ask.
>
>    3. Send them queries until one returns a response.
>
>    4. Analyze the response, either:..."

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

</cite>

and long thread before and after, see
http://marc.theaimsgroup.com/?l=bind-users&m=108377841724793&w=2

More information about the bind-users mailing list