David Brook wrote:
>
> We do have forwarders listed in our DNS config file pointing at the BT
> DNS servers. I thought this was the only way to chain DNS queries from
> our domain to the outside world. It has always worked in the past!!!!

Forwarders are evil.

If you run your own DNS server for recursive queries, it should resolve off the root name servers (don't worry, there are a lot more than 13 of them in reality).

i.e. somewhere you have

    zone "." { type hint; };

Forwarders tend to believe what they are told (read gullible), and complicate troubleshooting no end.

They had a place when there were expensive metered low bandwidth wide area connections around, these days DNS traffic is so small as to be insignificant for most people (except maybe TLD operators, and probably not all of them worry much about it).

These days best to avoid forwarders unless your expensive DNS consultant says otherwise.

> Will forward our config files if this would help anyone to help us!!.

I'd lose the forwarder, and see if the problems go away first.

Do check your firewall config allows outgoing DNS queries to port 53 both UDP and TCP to any address from your DNS server.

Also once the forwarders are gone you can expect BIND to do roughly the same as "dig +trace www.example.com", which helps no end in troubleshooting.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
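
The checks suggested in the reply above, as an added shell example that is not part of the original post: it lists any active forwarders in a BIND config, confirms a root hint zone is declared, and probes port 53 over UDP and TCP separately. The function names, the sample config, its 192.0.2.x addresses and the named.ca hint file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a BIND config for forwarders, then probe port 53.

# Strip // and # comments and join lines so multi-line statements match.
# (/* ... */ comments are not handled.)
flatten_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' '
}

# Print every non-empty forwarders list; status 0 if at least one exists.
list_forwarders() {
    flatten_conf "$1" |
        grep -oE 'forwarders[[:space:]]*\{[^}]*[0-9a-fA-F][^}]*\}'
}

# Succeed if the config declares a hint zone for the root (".").
has_root_hints() {
    flatten_conf "$1" |
        grep -qE 'zone[[:space:]]+"\."[^{]*\{[^}]*type[[:space:]]+hint'
}

# Query server $1 over UDP only, then TCP only (needs network and dig).
# A timeout on either means that transport is blocked on the way out.
probe_port53() {
    rc=0
    dig +notcp +ignore +norecurse +time=3 +tries=1 "@$1" . NS >/dev/null 2>&1 ||
        { echo "UDP/53 to $1 failed"; rc=1; }
    dig +tcp +norecurse +time=3 +tries=1 "@$1" . NS >/dev/null 2>&1 ||
        { echo "TCP/53 to $1 failed"; rc=1; }
    return $rc
}

# Constructed sample config (192.0.2.x are documentation addresses).
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
    // forwarders { 192.0.2.9; };   (commented out, must be ignored)
    forwarders {
        192.0.2.1;
        192.0.2.2;
    };
};
zone "." IN { type hint; file "named.ca"; };
EOF
}

conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); sample_conf >"$conf"; fi
list_forwarders "$conf" && echo "-> forwarders still configured in $conf"
has_root_hints "$conf" || echo "-> no root hint zone found in $conf"
if [ -n "${2:-}" ]; then probe_port53 "$2"; fi
```

With no arguments the script audits only the constructed sample; pass a config path and, optionally, the address of an outside name server to run the port 53 probe from the DNS server itself.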