On Fri, May 1, 2015 at 6:39 AM, Tony Finch <d...@dotat.at> wrote:

> Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> >
> > Forwarder -- Section 1 of [RFC2308] describes a forwarder as "a
> > nameserver used to resolve queries instead of directly using the
> > authoritative nameserver chain". [RFC2308] further says "The
> > forwarder typically either has better access to the internet, or
> > maintains a bigger cache which may be shared amongst many resolvers."
>
> The following two sentences don't agree with each other very well. The
> first is wrong because there can be chains of forwarders. The second
> sentence is more correct, though I don't understand the distinction
> between "is iterative-only or can be a full resolver" because an
> iterative-only resolver is a full resolver.
>
> > That definition appears to suggest that forwarders normally only
> > query authoritative servers.
>
> > [RFC2308]
> > is silent on whether a forwarder is iterative-only or can be a full
> > resolver.
>
> This sentence disagrees with the RFC 2308 meaning:
>
> > In current use, however, forwarders
> > often stand between stub resolvers and recursive servers.
>
> The RFC 2308 usage is:
>
> stub -> recursive server 1 -> recursive server 2
>
> RS1 is configured to use RS2 as a forwarder.
>
> In this definition "forwarder" is not a description of an individual
> server, it is a description of how a server (RS1) is configured to use
> another server (RS2). Neither RS1 nor RS2 are (by themselves) forwarders.
>

In light of the self-contradictory text in RFC 2308, which in turn conflicts with RFC 5625's equating DNS proxies with forwarders, perhaps it's time for this draft to provide a new authoritative definition of forwarder.

To add further confusion to this topic, see ISC's own blog article on forwarders, which defines a range of possible entities from simple proxies to full resolvers as forwarders:

https://www.isc.org/blogs/dns-forwarders/

Personally, I prefer a definition that says that a forwarder is an entity that forwards DNS queries to another system for resolution rather than directly querying the authoritative DNS hierarchy. This seems the most intuitive to me. If the forwarder is by implication of RFC 2308 the opposite, i.e. the thing that receives forwarded queries and uses the authoritative nameserver chain for resolution, then this just means we've unnecessarily added another term to a full resolver (setting aside chains of forwarders for the moment). It seems to me that the thing that is forwarding queries is the thing that needs a new definitional term. But maybe for some, that is a DNS proxy?

Shumon Huque

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop