Guruhowtos

A forwarding (a.k.a. Proxy, Client, Remote) server is one which simply forwards all requests to another DNS and caches the results. On its face this look a pretty pointless exercise. However a forwarding DNS sever can pay-off in two ways where access to an external network is slow or expensive:

1. Local DNS server caching - reduces external access and both speeds up responses and removes unnecessary traffic.
2. Remote DNS server provides recursive query support - reduction in traffic across the link - results in a single query across the network.

Forwarding servers also can be used to ease the burden of local administration by providing a single point at which changes to remote name servers may be managed, rather than having to update all hosts.

Forwarding can also be used as part of a Split Server configuration for perimeter defence.

BIND allows configuration of forwarding using the forward and forwarders parameters either at a ‘global’ level (in an options section) or on a per-zone basis in a zone section of the named.conf file. Both configurations are shown in the examples below:

Global Forwarding - All Requests

// options section fragment of named.conf
// forwarders can have multiple choices
options {
	directory "/var/named";
	version "not currently available";
	forwarders {10.0.0.1; 10.0.0.2;};
	forward only;
};
// zone file sections
....

Per Domain Forwarding

// zone section fragment of named.conf
zone "example.com" IN {
	type forward;
	forwarders {10.0.0.1; 10.0.0.2;};
};

Where dial-up links are used with DNS forwarding servers BIND’s general purpose nature and strict standards adherence may not make it an optimal solution. A number of the Alternate DNS solutions specifically target support for such links. BIND provides two parameters dialup and heartbeat-interval (neither of which is currently supported by BIND 9) as well as a number of others which can be used to minimise connection time.