On 18.1.2016 13:14, Mark Andrews via RT wrote:
>
> In message , "Petr Spacek via RT" writes:
>> On 18.1.2016 04:42, Mark Andrews via RT wrote:
>>> This allows queries to reach the Internet when the forwarder is down. The
>>> current behaviour is explicitly designed to prevent this. Yes, this requires
>>> people to think about what they are trying to achieve.
>>>
>>> "forward first;" is optimisation; "forward only;" is grafting of namespace / server
>>> reachability.
>>
>> I see your point, Mark. What about the following approach?
>>
>> When an automatic empty zone is unloaded, it must be replaced with a new
>> auto-generated "replacement" forward zone. The replacement forward zone will
>> use the IP addresses of the forwarders from the "conflicting"/"user-defined"
>> forward zone and use policy = only.
>
> and if you do that you will get servfail rather than nxdomain when the
> forwarders are down.

Yes, that is correct. I believe that it is a good thing because there is no
useful answer anyway.

Of course, our user base is way smaller than yours, but it seems to me that
users are more puzzled by unexpected NXDOMAIN than by SERVFAILs. Often I can
see users claiming that NXDOMAIN is a caching issue and starting to flush
caches along the path, or even lowering max-cache-ttl, in the false hope that
it would help (and never returning it to the original values, of course).

Petr Spacek @ Red Hat

>> This will prevent BIND from leaking queries to the public Internet even if the
>> user-defined forward policy != only and the forwarder fails.
>>
>> At the same time, I believe that it would be less error-prone from the user's
>> perspective.
>>
>>> Note "forward" is almost always the wrong way to graft on namespace but somehow
>>> this is what people do rather than slaving the top of the private namespace.
>>
>> I agree, but unfortunately I do not see a way around users' unwillingness to
>> change bad habits.
>>
>>
>> Thank you for considering this.
>>
>> --
>> Petr Spacek @ Red Hat
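The three configurations the thread contrasts, written out as named.conf fragments. This is an added illustration, not configuration from the ticket or from BIND's own documentation; the zone name (a private reverse zone that BIND would otherwise serve as an automatic empty zone), the forwarder address 192.0.2.53 and the master address 192.0.2.54 are assumptions chosen for the example.

```conf
// Added example, not part of the original thread. Addresses are placeholders
// from the documentation range (RFC 5737) and are assumptions.

// 1. What users typically write: a forward zone with "forward first".
//    Per the thread, "first" is an optimisation: when the forwarder does not
//    answer, named falls back to normal recursion, so queries for this
//    private reverse space leak out to the public Internet.
zone "10.in-addr.arpa" {
    type forward;
    forward first;
    forwarders { 192.0.2.53; };
};

// 2. The "replacement" zone proposed in the reply above: same forwarders,
//    but policy "only". Nothing ever goes past the forwarders; if they are
//    down the client gets SERVFAIL instead of an NXDOMAIN or a leaked query.
zone "10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};

// 3. Mark's preferred way to graft a private namespace: slave (secondary)
//    the top of it from the internal master instead of forwarding at all.
//    The zone data is then served locally and no forwarder is involved.
zone "10.in-addr.arpa" {
    type slave;
    masters { 192.0.2.54; };
    file "slave/10.in-addr.arpa";
};
```

Only one of the three zone statements can appear in a real named.conf at a time; they are shown side by side to make the policy difference visible. Whichever variant is chosen, `named-checkconf` will accept the syntax, so the leak in variant 1 is a behavioural property that only shows up when the forwarder is unreachable, which is exactly why the thread argues for replacing the unloaded empty zone with variant 2 automatically.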