Root hints with Forwarders?

Discussion in 'DNS Server' started by gscanga, Jun 2, 2009.

  1. gscanga

    gscanga Guest

    Do I need to care about my root hint servers if I configure our name servers
    to use forwarders?
    gscanga, Jun 2, 2009

  2. Hello gscanga,

    From another posting:

    "Forwarder vs Root Hint"
    By configuring a forwarder, you are specifying one or more IPs that your
    DNS server will forward queries to if it cannot resolve a query locally.
    When configured with a forwarder, the DNS server will perform a recursive
    query; that is, it will forward the query to the forwarder then sit back
    and wait for the response. Whatever response is received from the forwarder
    is sent back to the client as-is, the DNS server will make no further attempt
    to locate the resource if the forwarder cannot resolve it. In the case of
    root hints, the DNS server itself will perform an iterative query to locate
    the resource, starting at the .com ROOT server, for example, then using referrals
    to move to the server and then to the server,
    so on and so forth until it either receives an authoritative answer or is
    unable to resolve the query. The difference here, really, is in -which- DNS
    server is performing the work. In the case of a forwarder, your DNS server
    is off-loading its name resolution onto another DNS server, most likely your
    ISP's server. In the case of root hints, your DNS server is doing all of
    the "heavy lifting" itself.
    One thing to be aware of when using root hints is to be certain that your
    Microsoft DNS server has not configured -itself- as a root hints server.
    If you see a DNS zone called '.' in the DNS management console, delete it
    so that your server can use the actual Internet root servers successfully.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jun 2, 2009

  3. gscanga

    gscanga Guest

    Perfect- thank you, Meinolf.

    gscanga, Jun 2, 2009
  4. In addition to Meinolf's explanation, it depends on the level of fault
    tolerance. But then again, it also depends on the number of forwarders. DNS
    acts as a resolving client when it uses a Forwarder because as the
    explanation indicated, it is sending the request elsewhere, essentially
    offloading the request so it doesn't have to hit the Roots to devolve the
    query. If there are multiple Forwarders, DNS will hit each Forwarder. If it
    runs out of Forwarders, only then will it use the Roots, unless the checkbox
    to disable recursion is set under the Forwarders tab (not the Advanced tab).
    But then that all takes time. Keep in mind there is a time out that a client
    will wait, so if the original client request that sent it to your DNS server
    is waiting beyond the time out period, and the DNS server is waiting on its
    resolution request from a Forwarder, and the time out period is reached and
    no response is received, the client will assume that the DNS address that it
    used is no good and will remove it from the 'eligible resolvers list' and
    then query the second one.

    So for all practical purposes, I never set more than two Forwarders,
    otherwise what's the use? If the first two can't resolve it, it probably is
    not resolvable anyway.

    Make sense?

    Here's more info and a discussion I previously had with Kevin Goodnecht
    concerning this topic and the timeout period:

    DNS Forwarder Resolution and Time Out Process:

    Information on how a DNS Forwarder time-out works with using multiple

    Keep in mind, if you have too many forwarders listed, and only one is
    recommended (I believe 6 is the most it will use), the client side resolver
    may time out waiting for the 4th forwarder to get queried and will go to the
    next DNS server listed in the client's IP properties.

    Configure a DNS server to use forwarders (you can change the time-out

    Good explanation by Kevin Goodnecht explaining the forwarders time out and
    scenarios with too many Forwarders listed.
    quoted from above link:
    "Actually, the DNS service will stick to the Forwarder that provides an
    answer, no matter where it is in the list, if one forwarder times out (no
    answer) it will move to the next forwarder in the list, if the next
    forwarder provides an answer it uses it until it times out. The problem for
    you is, that it may not get back around to the first forwarder, before the
    Forwarding timeout expires, and it starts using recursion itself and goes to
    the root hints.

    Now, if you check the box "Do not use recursion" the DNS server will use
    only its forwarders, and will not use root hints. But this cannot guarantee
    that one of the other servers being used as a forwarder answer the query,

    I recommend that if there is a domain that cannot be reached through the
    internet root, that you add a secondary zone for that domain on the Win2k
    DNS server."


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check for regional support phone numbers.

    "Efficiency is doing things right; effectiveness is doing the right
    things." - Peter F. Drucker
    Ace Fekay [Microsoft Certified Trainer], Jun 2, 2009
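
The checks discussed in this thread (a locally hosted '.' zone, the number of forwarders, the forwarder time-out against the client's wait, and whether root hints remain as a fallback) can be read off a server in one pass. The script below is an added example, not code from any of the posters. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, newer than the servers discussed here), and `$ClientWaitSeconds` is a placeholder to be set to what your clients actually use.

```powershell
# Added example: read-only audit of forwarder and root hint settings.
param(
    [string]$ComputerName = 'localhost',
    # Assumption: seconds a client waits before trying its next DNS server.
    # Placeholder value; replace it with what your clients actually use.
    [int]$ClientWaitSeconds = 10
)

Import-Module DnsServer -ErrorAction Stop
$findings = New-Object System.Collections.Generic.List[string]

# A locally hosted '.' zone makes the server answer as if it were a root server.
$rootZone = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneName -eq '.' -and $_.ZoneType -ne 'Cache' }
if ($rootZone) {
    $findings.Add("Zone '.' is hosted locally ($($rootZone.ZoneType)); root hints cannot be used.")
}

$fwd       = Get-DnsServerForwarder -ComputerName $ComputerName
$addresses = @($fwd.IPAddress | Where-Object { $_ })
$worstCase = $addresses.Count * $fwd.Timeout   # every forwarder times out in turn

if ($addresses.Count -gt 2) {
    $findings.Add("$($addresses.Count) forwarders configured; the thread suggests no more than two.")
}
if ($addresses.Count -gt 0 -and $worstCase -ge $ClientWaitSeconds) {
    $findings.Add("Forwarders can take ${worstCase}s to exhaust; clients give up after ${ClientWaitSeconds}s.")
}
if ($addresses.Count -gt 0 -and -not $fwd.UseRootHint) {
    $findings.Add("Root hint fallback is disabled; queries fail once all forwarders time out.")
}

# Root hints matter whenever the server can fall back to its own recursion.
$hints = @(Get-DnsServerRootHint -ComputerName $ComputerName -ErrorAction SilentlyContinue)
if (($addresses.Count -eq 0 -or $fwd.UseRootHint) -and $hints.Count -eq 0) {
    $findings.Add("No root hints are loaded, but the server may need them for recursion.")
}

[pscustomobject]@{
    Server       = $ComputerName
    Forwarders   = $addresses -join ', '
    TimeoutSec   = $fwd.Timeout
    UseRootHint  = $fwd.UseRootHint
    WorstCaseSec = $worstCase
    Findings     = $findings
}
```

The script changes nothing on the server; an empty `Findings` list means none of the conditions raised in the thread were detected.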