Purpose of a 'forwarder' option in a master zone

What is the purpose of setting a forwarders option in a master zone?

In named.conf, it looks like this:

zone "master.zone"
{
    type master;
    file "zones/master/zone/master.zone";
    key-directory "zones/master/zone/keys";
    allow-update {
        admin;
    };
    forward only;
    forwarders {
        8.8.8.8;
    };
};

I understand the importance of the forwarders and forward options in a forward zone, but I don't get the utility of setting them in a master zone.

Thanks.


Solution 1:

The scenario where this actually makes a difference is when you receive a recursion request for something that is under this zone but not part of this zone.

Specifically:

  • You run a mixed authoritative + recursive nameserver
  • You have an authoritative zone (master or slave), e.g. example.com
  • You have some subdomain in that zone delegated elsewhere, e.g. foo.example.com. IN NS ns.other.example.
  • You receive a recursion request for foo.example.com or something below it (a name that is not part of your zone as foo.example.com was delegated elsewhere)

Under these circumstances, the forwarders { ... }; value on the authoritative zone is the most specific place you can use to define which (if any) forwarders should be used to resolve names below it which are not in any of your own zones.

Other than this particular scenario, I am not aware of any situation where the setting has any effect.
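
The scenario from Solution 1 written out as a named.conf fragment. This is an added example, not part of the original answer or the asker's configuration; the zone name follows the answer, while the file path and all addresses are constructed (documentation ranges from RFC 5737).

```bind
// Added example: mixed authoritative + recursive server.
// All addresses are constructed placeholders (RFC 5737 ranges).
options {
    recursion yes;
    allow-recursion { 192.0.2.0/24; };   // internal clients only
    forwarders { 198.51.100.1; };        // default forwarder for everything else
};

zone "example.com" {
    type master;
    file "zones/example.com.zone";       // constructed path
    // The zone file delegates a subdomain away from this server:
    //     foo.example.com.  IN NS  ns.other.example.
    // A recursive query for www.foo.example.com is therefore not answered
    // from local zone data. These two lines decide where it is sent:
    forward only;
    forwarders { 192.0.2.53; };
    // Alternative: an empty list, "forwarders { };", turns forwarding off
    // for names below example.com, so named follows the delegation itself
    // instead of using the default forwarder from options.
};
```

Without the per-zone setting, queries for names under the delegated subdomain go to the default forwarder in options, which matters when that forwarder is an external resolver and the delegated names are internal.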

Solution 2:

Any query that your nameserver cannot resolve locally will be sent to that address, effectively asking it to resolve the query on your server's behalf (i.e. a recursive query).

This is often done for networking reasons - say you don't want your corporate DNS exposed directly to the Internet, you could create a forwarder to a DMZ name server, which will query the Internet on its behalf.