DNS Forwarder bind9

reredok
reredok used Ask the Experts™
on
I'm about linux dns (bind9).

In the corresponding configuration file for bind I have configured dynamic DNS forwarder (namebench).

My question is: how can I find out which forwarder bind9 actually uses?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi,

your forwarders substatement contains the ipadress. If there are multiple then you use ; as a delimiter:

options {
	forwarders { ip_adress; ip_adress; };
};

Open in new window

Cheers
reredokIT Consultant

Author

Commented:
as I said, the procedure is clear to me. I just don't know how the DNS requests of the clients of bind9 are answered by which DNS forwarder. "dig", "nslookup" don't give me any answers.
By the way, here is the script FYI
bind9 /etc/bind/named.conf.options
...
forwarders {
                #include /etc/bind/forwarder_list
                //8.8.8.8;  
...

script:
#!/bin/bash

#start namebench and wait

pids="""
namebench --output=/tmp/namebench_resolvconf_template --template=resolv.conf &
wait $pids
sed -e 's|nameserver ||' /tmp/namebench_resolvconf_template > /etc/bind/forwarder_list
awk '{print $1}' /etc/bind/forwarder_list > /tmp/tab
sed 's/$/;/' /tmp/tab > /etc/bind/forwarder_list
service bind9 restart
Mihai BarbosTrying to tame bits. They're nasty.

Commented:
I think the queries are answered in a round-robin fashion. This can be configured though.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

reredokIT Consultant

Author

Commented:
OK but shouldn't there be a tool like dig, nslookup which shows me the bind9 DNS-Forward-Query?
rndc querylog shows me the client DNS queries but unfortunately not how bind9 resolves them using the "round-robin' DNS-Forwarder method.

Background of my question is: namebench is looking for the "fastest" DNS server.
Some of the detected DNS servers are fast, but the name resolution, i.e. the correctness or the negative DNS response may not be 100%. Many of my admin colleagues simply leave google DNS 8.8.8.8 or 8.8.4.4 in the DNS forwarder and I think that's not very dynamic. That's what namebench is constructed for :-)
Mihai BarbosTrying to tame bits. They're nasty.

Commented:
Round robin means that for one query bind will ask the first server, for the second query it will ask the second forwarder and so on. When it reaches the end of the list of forwarders, it will start again with the first one.

Looking at newer messages in the mailing lists, it seems that this is no longer the case.
Forwarders are selected based on an RTT(round-trip-time)-based algorithm, so none of this configuration complexity should be necessary from a performance/availability standpoint. The algorithm will choose faster forwarders over slower ones, and penalization/eventual-redemption of failed/non-responding forwarders is built into the algorithm. It's similar to the NS-selection algorithm; in fact, it might be a common server-selection routine that handles both situations.

Have you considered the option of not forwarding *at*all*? If your BIND instances have direct access to the Internet DNS, then forwarding isn't usually a good choice anyway. As a side benefit, talking directly to the authoritative nameservers should allay the privacy concerns associated with talking through a third party.
So, what you want to do, seems not to be necessary.
reredokIT Consultant

Author

Commented:
Thanks for the RTT tip.
That means you can save the whole namebench method and actually take 8.8.8.8 and 8.8.4.4 or the DNS from the Internet Service Provider.

Which name server bind9 actually chooses is determined by which of the requested name servers is closer to the corresponding namespace, i.e. which one finally sends the answer.

This means that for the next request that is similar to the first one, bind9 no longer asks the DNS forwarder but the name server that responded as soon as possible.

So DNS Forward is actually obsolete.

Your comment tells me that the forwarder directive in bind9 is not necessary because bind9 gets the fastest DNS anyway?
Trying to tame bits. They're nasty.
Commented:
Well, DNS forwarding is normally a decision based on the network topology.
What I want to say is that the namebench complication is not needed and it would be overridden anyway. You can still use forwarders if you wish. It just makes the configuration a tad simpler...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial