RootHints Or DNS Forwarding

  • RootHints Or DNS Forwarding

    Hey All,

    We have a 2003 domain, Firewall and Internet access on our network.

    Currently the local DNS is set up to use the InterNIC Root (hints) to discover Internet DNS requests.

    I wanted to ask what are the advantages/disadvantages of using RootHints against DNS Forwarders. What do you prefer -
    Sending requests to the InterNIC servers or the ISP servers?


  • #2
    Re: RootHints Or DNS Forwarding

    I like to use the Root Hints only and let my DNS servers do recursion for my DNS clients.


    • #3
      Re: RootHints Or DNS Forwarding

      I use the same sort of setup as Joeqwerty.

      One reason the Root Servers can be an advantage is less chance of an outage, there are 13 of them (Very redundant, Located World Wide). Your ISP may only have 2 (Sitting in the same server room). So if something happens to the ISP's Servers you lose DNS...

      Attacks have been attempted on the Root Servers but (correct me if I am wrong) they have only successfully DDoS'd 9 of the 13 servers in one shot...

      A list of the Root Servers and Locations can be found here...
      Hope this helps.


      My advice is provided AS IS, without warranty of any kind, express or implied. Follow at your own risk.


      • #4
        Re: RootHints Or DNS Forwarding

        I would use my ISP's DNS. First, if those are down it will continue to the root servers anyway. Second, your ISP would complete the request to the root servers, if it did not know the answer, much quicker than yours could. Third, it reduces the load on the root servers if the ISP had the answer in its cache.

        ISP's DNS servers are generally very reliable so that is usually not an issue. You can use many DNS servers if you like, in addition to your ISP's, if they do have known reliability issues.
        "...if I turn out to be particularly clear, you've probably misunderstood what I've said" - Alan Greenspan


        • #5
          Re: RootHints Or DNS Forwarding

          In my (recent) experience, a problem with forwarding is that if you change ISPs, and forget to change the setting, your old ISP DNS setting may not work anymore, and when it fails to work, it can REALLY drag the name resolution. Our DNS server took forever to give up on the forwarder and use the recursion (root hints) alternative. We had mail scripts that would fail intermittently for months, depending on load. MS Premier support was looking at our Exchange server for weeks. Turned out to be the DNS forwarding that I just happened to see while capturing packets.

          I don't feel that the speed increase is worth adding a point-of-failure, but to each his own....
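
A forwarder health check for the failure mode described in post #5, added here as an example and not part of any post in the thread: it sends one UDP query straight to each configured forwarder and reports whether it answered, returned an error code, or stayed silent. The forwarder address, test name and timeout are assumptions to replace with your own values.

```python
import os, socket, struct, time

def build_query(name, txid, qtype=1):
    """Minimal DNS query: one question, recursion desired (RD) set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN

def parse_reply(data, txid):
    """Return the RCODE, or None if this is not a response to our query."""
    if len(data) < 12:
        return None
    rid, flags = struct.unpack(">HH", data[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit clear
        return None
    return flags & 0x000F

def probe(server, name="example.com", port=53, timeout=2.0):
    """One UDP query to a forwarder -> (rcode or None, seconds waited)."""
    txid = int.from_bytes(os.urandom(2), "big")
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, port))
            rcode = parse_reply(s.recvfrom(512)[0], txid)
        except OSError:  # timeout, or ICMP unreachable
            rcode = None
    return rcode, time.monotonic() - start

def check_forwarders(forwarders, **kwargs):
    """Classify each forwarder as 'ok', 'rcode N' or 'no answer'."""
    report = {}
    for fwd in forwarders:
        rcode, waited = probe(fwd, **kwargs)
        if rcode is None:
            status = "no answer"       # the slow failure described in post #5
        elif rcode == 0:
            status = "ok"
        else:
            status = f"rcode {rcode}"  # e.g. 2 SERVFAIL, 5 REFUSED
        report[fwd] = (status, round(waited, 2))
    return report

if __name__ == "__main__":
    # 192.0.2.53 is a documentation address (RFC 5737), standing in for a stale forwarder
    for fwd, (status, waited) in check_forwarders(["192.0.2.53"]).items():
        print(f"{fwd}: {status} after {waited}s")
```

Run on a schedule from the DNS server itself, a "no answer" or non-zero rcode result flags a stale forwarder before it shows up as intermittent application failures.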