> I'm no DNS expert, so am wondering if I am shooting myself
> in the foot by having "forwarders" set up in my BIND config
> file, especially with "forward
> first":
> Where xxx and yyy are the DNS servers for my colo provider
> where I host the system in question. Does this defeat the
> purpose of local caching or am I OK?

No. Resolution by forwarders is also cached by the requesting (forwarding) DNS server.

It does expose you to any corruption (e.g., cache pollution) of your colocator's DNS -- but if you trust them to do as good or better job of running DNS securely (than you can do) then that probably doesn't matter. (You did say you are not an expert.)

--
Herb Martin