Re: Name resolution follows forwarders instead of delegations on master server

Wed, 27 Jan 2010 07:30:04 -0800

I've found over the years that many people find "forwarders { };" to be non- or even counter-intuitive.
"I want to forward, but I'm explicitly telling you not to use any other server for forwarding". Huh? 


My 2 cents is that a different forwarding *mode* (e.g. "forward no", 
"forward none") would make more sense than "forwarders { };"



                                                                        
                                                                        
- Kevin


On 1/27/2010 6:48 AM, Cathy Almond wrote:

Taylor, Gord wrote:

   

I've noticed that if I have default forwarders setup in the options
section of my named.conf, then BIND (9.4.1-P1) will forward to these
servers rather than following the delegations for zones where it's
authoritative (verified via sniffer trace). Is this true of all BIND
versions?

     

Yes (at least anything reasonably recent).


   

In my case, the forwarders in the options section are in my primary data
centre which is authoritative for all of our internal zones, and the
config below exists in one our geographical data centers (overseas),
which is master only a subset of the zones. Since the delegation is to a
local F5 GTM in that same geographical datacenters, I really don't want
everything coming back across the WAN, only to be delegated back across
the WAN again (lots of inefficiencies). I've found that putting an empty
forwarders statement in the zone config (e.g. forwarders { };) prevents
following the default forwarders, so I have a workaround for now.

     

This isn't a workaround, it's the correct configuration to ensure that
resolution follows the delegation to the subdomain servers instead of
using global forwarding.


   

This behavior seems a little counter-intuitive to me and never caused me
any problems until recently. So I wanted to know if this behavior was
consistent across all BIND versions, or if it only happened recently due
to our BIND version upgrade last year (9.4.1-P1). I'm looking at another
code upgrade shortly, so want to ensure no surprises...

Any help/clarification is appreciated

     

You shouldn't get any new surprises relating to forwarding on your next
upgrade :-)

Cathy
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




   



_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to