Forwarding environment questions

Baird, Josh jbaird at follett.com
Mon Nov 26 05:07:42 UTC 2007


I am currently in the process of re-structuring a fairly large BIND environment
and have a few questions regarding forwarding.  Here is a simple overview of the 
environment that I have in mind for Internal DNS:

* Internal Master (authoritative, uses forwarders to caching only servers for non-authoritative queries)
 `- Slave 1 (authoritative, uses forwarders to caching only servers for non-authoritative queries)
  - Slave 2 (authoritative, uses forwarders to caching only servers for non-authoritative queries)
  - Slave 3 (authoritative, uses forwarders to caching only servers for non-authoritative queries)
  - Slave 4 (authoritative, uses forwarders to caching only servers for non-authoritative queries)
* Caching only nameserver 1 (no authoritative data, all other internal BIND servers forward to these for recursive queries)
* Caching only nameserver 2
  
I am trying to follow best practices in that authoritative servers (masters and slaves) should
not allow recursive lookups, but should use forwarders if necessary.  Due to the nature of the 
existing environment, all clients are pointing to either the internal master or slave servers for
all name resolution (internal resolution, and recursive resolution).  In order to keep these
authoritative servers from doing recursive lookups, my plan is to have them all use a forwarders statement
in the global options to forward all recursive lookups to the two "Caching only nameservers" that
we have in our environment.  Is using forwarders in this way considered to be a good practice versus
these authoritative servers going out to the Internet directly for recursive lookups using root hints?

I am also a bit confused about the forwarders statements on the slave servers.  It is my understanding 
that they will only use the forwarders (that are defined in options) if the nameserver does not
contain authoritative data for the zone.. this is the case for slave zones as well?  Or do I need
to specify "forwarders { };" for each of the zones on the slaves to force it to use the local authoritative
data?  

I greatly appreciate any input or suggestions that you have.

Thanks,

Josh Baird
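
The layout described in the message above, sketched as a named.conf fragment for one of the slaves. This is an added example, not part of the original post; the ACL name, zone name, file name and all addresses are placeholders chosen for illustration.

```conf
// Constructed example: addresses, ACL name and zone name are placeholders.
acl "internal-clients" { 192.0.2.0/24; };

options {
    // named forwards only queries it would otherwise recurse for, so
    // recursion stays enabled here but is restricted to internal clients.
    recursion yes;
    allow-recursion { "internal-clients"; };

    // Every lookup this server is not authoritative for goes to the
    // two caching-only nameservers.
    forwarders { 198.51.100.10; 198.51.100.11; };

    // "only": never fall back to iterating from the root hints, so this
    // server itself does not query the Internet directly.
    forward only;
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "example.com.db";

    // Names in this zone are answered from the transferred copy without
    // consulting the global forwarders. The empty list only matters for
    // subdomains delegated out of this zone: it makes the server follow
    // the delegation NS records instead of forwarding those queries.
    forwarders { };
};
```

Running `named-checkconf` against the file validates the syntax before the server is reloaded.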


