does zone trump forward?

Dave Warren davew at hireahit.com
Wed Jun 5 22:29:41 UTC 2013


On 2013-06-05 14:27, Jonathan Reed wrote:
>
>     But then I just hate forwards. Burned 1000x times, lesson learned :)
>
>
> What are you referring to? Why are forwards such a bad idea?
>

They're not automatically a bad idea, but I always prefer having a local 
copy of a zone unless that's not practical.

A couple of real-world examples that I bang my head against daily/weekly:

1) I do some contract work out of a satellite office where we have a 
full time site-to-site VPN to HQ, and as a result, I've forwarded their 
domains to their internal NS over the VPN. Works great, except that when 
the VPN is down, I can't reach their externally hosted resources (which 
don't need the VPN, but do need DNS to work).

2) Even when it works, their office is 200-400ms (or about 16 hours 
door-to-door, including flight times) away from me. The internal DNS 
uses very short TTLs. This means I've got a 200-400ms wait time to 
access their public website (which is CDN hosted and otherwise very 
responsive) to hit the homepage, then a few more 200-400ms waits for 
other resources to start to load, and I do it every $small-TTL seconds 
while I browse their site looking for something because the cache 
expires quickly.

I've never seen a case where slaves are less reliable than forwards, but 
forwards are often less reliable than slaves. When a slave is not 
realistic or practical, forwards get the job done.

Keeping this thread in mind, the situation is a remote office where the 
pipe is neither fat nor reliable. See #1 and #2 above.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
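For readers less familiar with the two zone types being compared above, here is what the satellite-office setup from example #1 looks like in BIND 9 named.conf syntax, as an added illustration (not configuration from the poster or from the list). The zone name and the 10.0.0.0/8 addresses are placeholders; `example.corp` stands for the HQ domain and 10.0.0.53/54 for the HQ internal name servers reached over the VPN.

```conf
// Forward zone: every query for the HQ domain is handed to the HQ
// name servers across the VPN.  With "forward only", BIND never tries
// to resolve the name itself, so when the VPN is down even the
// externally hosted names in that domain become unresolvable (#1),
// and every fresh lookup pays the round trip to HQ (#2).
zone "example.corp" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };
};

// Slave (secondary) zone for the same domain: the satellite server
// holds a full copy obtained by zone transfer (AXFR/IXFR) and answers
// from it locally.  Answers come from the on-site copy with no
// round-trip to HQ, and if the VPN drops the zone keeps being served
// until its SOA "expire" timer runs out.
zone "example.corp" {
    type slave;
    masters { 10.0.0.53; 10.0.0.54; };
    file "slaves/example.corp.db";
};

// Placeholder for the matching statement on the HQ primary: zone
// transfers should be limited to the satellite server's address (or
// better, to a TSIG key shared with it), not left open to the world.
//
//   allow-transfer { 10.0.1.53; };
```

The slave form only works if the HQ side is willing to let this server transfer the zone, which is why the poster notes that a slave is not always practical and that forwards are the fallback when it is not.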
