DNS on Windows 2000

DNS on Windows 2000, 2nd Edition

By Matt Larson, Cricket Liu

Chapter 10.  Advanced Features and Security

10.5 Building Up a Large Sitewide Cache with Forwarders

Certain network connections discourage sending large volumes of traffic off-site, either because the network connection is pay-per-packet or because it is a slow link with a high delay, as with a remote office's satellite connection to the company's network. In these situations, you want to limit the off-site DNS traffic to the bare minimum. The Microsoft DNS Server has a feature called forwarding to handle this.

If you designate one or more servers at your site as forwarders, all off-site queries are sent to the forwarders first. The idea is that the forwarders handle all off-site queries generated at the site, building up a rich cache of information. For any given query in a remote domain, there is a high probability that the forwarder can answer the query from its cache, avoiding the need for the other servers to send packets off-site. Nothing special is done to these servers to make them forwarders; you modify all the other servers at your site to direct their queries through the forwarders.

A primary master or slave name server's mode of operation changes slightly when it is directed to use a forwarder. If the requested information is already in its database of authoritative data and cache data, it answers with this information; this part of the operation hasn't changed. However, if the information is not in its database, the name server sends the query to a forwarder and waits a short period for an answer before resuming normal operation and contacting the remote servers itself. What the name server is doing that's different is sending a recursive query to the forwarder, expecting it to find the answer. At all other times, the name server sends out nonrecursive queries to other name servers and deals with responses that refer only to other name servers.

Forwarding is by server, not by zone: a server is either forwarding or it isn't. It's configured by selecting the Forwarders tab on the server properties window. Figure 10-9 shows how a movie.edu name server is configured to use forwarders, assuming wormhole and terminator are the site's forwarders. (Remember, forwarding is configured on every name server except the forwarders themselves, wormhole and terminator in this case.)

Figure 10-9. Forwarders configuration tab

Enable forwarders enables forwarding on this name server. You can specify up to five forwarders. This name server forwards to them in the order in which they're listed, using a default timeout of five seconds per forwarder; that is, if the first forwarder doesn't respond within five seconds, try the next, wait five more seconds, try the next, and so on. The forwarding timeout can be changed with the Forward time-out field. This value is stored in a Registry value, ForwardingTimeout, which you can also change. (The list of forwarders is stored in the Forwarders value.) We'll talk about the Do not use recursion option in the next section.

When you use forwarders, try to keep your site configuration simple. You can end up with configurations that are really twisted. Follow these tips:

  • Avoid having "mid-level" servers forward packets (that is, avoid configuring forwarding on your mid-level name servers). Mid-level servers mostly refer name servers to subdomain name servers. If they have been configured to forward packets, do they refer to subdomain name servers, or do they contact the subdomain name server to find out the answer? Whichever way it works, you're probably making your site configuration too hard for mere mortals (and subdomain administrators) to understand.

  • Avoid chaining your forwarders. Don't configure server a to forward to server b, and configure server b to forward to server c (or worse yet, back to server a).
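
The tips above can be checked mechanically once each server's forwarder list has been collected. The following is an added example, not code from the book or from Microsoft: it audits a constructed site inventory for the five-forwarder limit, chained forwarders and forwarding loops, and computes how long a server waits on its forwarders before resuming normal operation. Server names other than wormhole and terminator are hypothetical.

```python
# Added example: audit a site's forwarding map. SITE is constructed sample data;
# in practice it would be filled from each server's Forwarders tab.
MAX_FORWARDERS = 5      # "You can specify up to five forwarders"
DEFAULT_TIMEOUT = 5     # default seconds to wait per forwarder

SITE = {                # server -> forwarders, in the order they are listed
    "wormhole": [],
    "terminator": [],
    "ns1": ["wormhole", "terminator"],    # recommended layout
    "ns2": ["ns1"],                       # chained: ns1 itself forwards
    "a": ["b"], "b": ["c"], "c": ["a"],   # loop: a -> b -> c -> a
}

def worst_case_wait(forwarders, timeout=DEFAULT_TIMEOUT):
    """Seconds spent trying every forwarder in turn before the server
    gives up on them and contacts the remote name servers itself."""
    return len(forwarders) * timeout

def find_loop(site, start):
    """Return the forwarding cycle reachable from start, or None."""
    def walk(server, path):
        if server in path:                       # seen on this path: cycle
            return path[path.index(server):] + [server]
        for nxt in site.get(server, []):
            loop = walk(nxt, path + [server])
            if loop:
                return loop
        return None
    return walk(start, [])

def audit(site):
    """Return (server, finding, detail) tuples for every rule that is broken."""
    findings = []
    for server, fwds in sorted(site.items()):
        if len(fwds) > MAX_FORWARDERS:
            findings.append((server, "too-many-forwarders", str(len(fwds))))
        loop = find_loop(site, server)
        if loop:
            findings.append((server, "loop", "->".join(loop)))
            continue
        chained = [f for f in fwds if site.get(f)]   # forwarder that forwards
        if chained:
            findings.append((server, "chained", ",".join(chained)))
    return findings

if __name__ == "__main__":
    for finding in audit(SITE):
        print(*finding)
    print("ns1 worst-case wait:", worst_case_wait(SITE["ns1"]), "seconds")
```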

