-
DNS and Forwarding
According to my readings, the forwarders statement is used to lessen the load on a machine. If this statement is not present, I would think the root servers would be contacted where it would then contact the appropriate authoritative server to resolve the name.
The following is my named.conf file:
Code:
options {
    directory "/var/cache/bind";
    // from bind 9:
    // [fetch-glue] is obsolete. In BIND 8, fetch-glue yes caused the
    // server to attempt to fetch glue resource records it didn't have
    // when constructing the additional data section of a response.
    // This is now considered a bad idea and BIND 9 never does it.
    fetch-glue no;
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // I've included xx for viewing sake. The actual IP addresses work.
    forwarders {
        xx.xx.xx.xx;
        xx.xx.xx.xx;
    };
    notify no;
};
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
// reduce log verbosity on issues outside our control
logging {
    category lame-servers { null; };
    category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "db.255";
};
If I take out the forwarders statement, any names outside of my local domain cannot be resolved. What am I missing?
-
Without forwarders, BIND tries to resolve everything itself and fails miserably. Are you sure that db.root is where it should be? What about your /etc/resolv.conf? Is it set up to point to the machine itself for resolution? 8)
-
db.root is located in /var/cache/bind as with other zone files. /etc/resolv.conf points at itself.
I know using forwarders is a better solution but I was doing this to see if named was working correctly without the forwarders statement.
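The checks raised in this thread (is a forwarders block present, where the hint file for zone "." resolves relative to `directory`, whether `query-source` is set, and whether resolv.conf points at the host itself), written as an added example that is not part of any post. The function names, the sample config and the sample resolv.conf are constructed for illustration, and only loopback addresses are treated as "itself".

```python
import re
from pathlib import PurePosixPath

# Constructed sample: a named.conf like the one in the post, forwarders removed.
SAMPLE_CONF = '''
options {
    directory "/var/cache/bind";
    // query-source address * port 53;
    notify no;
};
zone "." {
    type hint;
    file "db.root";
};
'''
SAMPLE_RESOLV = "search example.lan\nnameserver 127.0.0.1\n"  # constructed

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_named_conf(conf_text):
    """Report what named will rely on to resolve names outside its own zones."""
    conf = strip_comments(conf_text)
    directory = re.search(r'\bdirectory\s+"([^"]+)"\s*;', conf)
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    forwarders = [a.strip() for a in fwd.group(1).split(";") if a.strip()] if fwd else []
    hint_file = None
    hint = re.search(r'zone\s+"\."[^{]*\{([^}]*)\}', conf)
    if hint and re.search(r"\btype\s+hint\s*;", hint.group(1)):
        name = re.search(r'\bfile\s+"([^"]+)"\s*;', hint.group(1))
        if name:
            # Relative file names are resolved against options { directory }.
            base = PurePosixPath(directory.group(1) if directory else ".")
            hint_file = str(base / name.group(1))
    return {
        "forwarders": forwarders,
        "root_hints_only": not forwarders,  # no forwarders: iterate from the roots
        "hint_file": hint_file,
        "query_source_set": bool(re.search(r"\bquery-source\b", conf)),
    }

def local_nameservers(resolv_text):
    """Return (nameservers, True if all are loopback) from resolv.conf text."""
    servers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_text, flags=re.M)
    return servers, bool(servers) and all(s.startswith("127.") or s == "::1" for s in servers)

if __name__ == "__main__":
    print(audit_named_conf(SAMPLE_CONF))
    print(local_nameservers(SAMPLE_RESOLV))
```

When `root_hints_only` is true, the file named in `hint_file` must exist and be readable by named, and the host must be able to reach the root and authoritative servers directly.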