On 2013-06-05 14:27, Jonathan Reed wrote:
>> But then I just hate forwards. Burned 1000x times, lesson learned :)
> What are you referring to? Why are forwards such a bad idea?

They're not automatically a bad idea, but I always prefer having a local
copy of a zone unless that's not practical.
A couple of real-world examples that I bang my head against daily/weekly:
1) I do some contract work out of a satellite office where we have a
full time site-to-site VPN to HQ, and as a result, I've forwarded their
domains to their internal NS over the VPN. Works great, except that when
the VPN is down, I can't reach their externally hosted resources (which
don't need the VPN, but do need DNS to work).
2) Even when it works, their office is 200-400ms (or about 16 hours
door-to-door, including flight times) away from me. The internal DNS
uses very short TTLs. This means I've got a 200-400ms wait time to
access their public website (which is CDN hosted and otherwise very
responsive) to hit the homepage, then a few more 200-400ms waits for
other resources to start to load, and I do it every $small-TTL seconds
while I browse their site looking for something because the cache
expires quickly.
I've never seen a case where slaves are less reliable than forwards, but
forwards are often less reliable than slaves. When a slave is not
realistic or practical, forwards get the job done.
Keeping this thread in mind, the situation is a remote office where the
pipe is neither fat nor reliable. See #1 and #2 above.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
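
As an added illustration of the two setups compared in the message above (not from the original post or from the BIND project), here is a `named.conf` sketch with the forwarded zone beside the slave zone. The zone name `corp.example`, the address 192.0.2.53 and the file path are constructed placeholders.

```conf
// Constructed placeholders: corp.example, 192.0.2.53, the file path.
// Define only ONE of the two zone statements; named rejects duplicates.

// Option A: forward zone (the setup in examples 1 and 2 above).
// Every cache miss is sent across the VPN. If the link is down the
// query fails, and short TTLs make the round trip recur often.
/*
zone "corp.example" {
    type forward;
    forward only;                 // never fall back to normal recursion
    forwarders { 192.0.2.53; };   // HQ internal name server
};
*/

// Option B: slave zone (local copy of the zone).
// Answers come from the local copy with no VPN round trip, and keep
// being served during an outage until the SOA expire timer runs out.
zone "corp.example" {
    type slave;                   // newer BIND also accepts "secondary"
    masters { 192.0.2.53; };      // HQ server must permit this transfer
    file "slaves/corp.example.db";
    allow-transfer { none; };     // do not re-export the internal zone
};
```

Option B only works if the HQ server allows zone transfers to this host, so the transfer should be restricted there to the satellite office's resolver.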