DNS forwarding - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

DNS forwarding allows a server to forward all queries for which it isn't authoritative to other DNS servers.

Normally, when a DNS server configured to accept recursive queries receives a query for which it isn't authoritative, it checks for the answer in its cache. If it doesn't have the answer, it queries the Internet DNS root servers and other DNS servers throughout the DNS namespace until it receives an answer. The DNS server then returns the answer to the original client.

An organization may have a number of DNS servers accepting recursive queries. Each server queries the namespace independently and changes its information based on a defined time to live. While such a system can work well, there's often duplication of cached data because multiple servers are performing the same Internet queries and caching the same information. Such redundant queries can waste bandwidth. Additionally, each server exposes itself to any potential threats while traversing the Internet.

You can use DNS forwarding to increase the efficiency and security of a DNS topology that uses recursion. One or more DNS servers acting as forwarders receive queries from other DNS servers, which in turn are configured to forward their recursive queries to the forwarders. In such an arrangement, only the forwarders query the root servers and other servers on the Internet. The forwarders build their caches as they perform queries. As this centralized cache builds, query time decreases going forward as the rest of the DNS servers are able to use the centralized cache.

DNS forwarding can be configured using one of following two methods:
Note: BlueCat recommends performing only one of following two methods. Performing both methods on the same Address Manager server might result in conflict.
  • Configuring DNS forwarding—when the Forwarding DNS option is enabled, all queries for which a server isn't authoritative are sent to other DNS server.
  • Configuring DNS zone forwarding—use this method if you want to forward queries for different domain names to different DNS servers according to the specific domain names contained in the queries.