Forwarding Environment

Merton Campbell Crockett m.c.crockett at roadrunner.com
Sun Jun 10 00:00:16 UTC 2007 

There is a changing in the guard at my company.  My responsibility  
for DNS is being shifted to our IT subcontractor.  The IT  
subcontractor has constructed a new DNS architecture based on the use  
of forwarding.

There has been a significant increase in users reporting name  
resolution problems and increased reports of network "slowness" that  
may be related to problems resolving domain names.

At each of our corporate site's there is a server that runs the ISC  
DHCP and BIND daemons.  Each server has a forwarders statement in its  
global options that lists the IP addresses of three "core" name  
servers located at site's with Internet access.  These also happen to  
be the sites with the most network congestion.

I have been tasked to provide recommendations to management regarding  
DNS.  I have used DNS forwarding in the past but in most instances it  
was used to forward DNS requests to a server that could provide  
reliable information about specific domains, i.e. there was a private  
network connection and name server could resolve names in DNS zones  
that were not accessible via the Internet.

My gut feeling is that there is something wrong with how the  
forwarding architecture has been constructed.  I would like  
clarification on generic issues in a forwarding environment.

For the purpose of discussion assume that the name servers at each  
site have the following options.

	option {
		...
		forwarders { x.x.x.x; y.y.y.y; z.z.z.z; };
		forward    only;
		...
	};

I presume that the global option have no affect on zones for which  
the site name server is defined as master.  Would there be any affect  
on zones defined as forward?

Would there be an affect on zones that were defined as slave or  
stub?  I seem to remember that there was an issue with slave zones  
and that it was necessary to include a forwarders { }; statement in  
the zone configuration.  Is this a general requirement or is this  
just a necessity when the zone contains delegations?


Merton Campbell Crockett
m.c.crockett at roadrunner.com

More information about the bind-users mailing list