Hello,

I would like to propose a change in BIND's behavior with respect to the interaction between forward 'zones' and automatic empty zones:

Currently, configure_view() in server.c disables/skips the automatic empty zones if there is a forward 'zone' with policy 'only'.

    /*
     * If we would forward this name don't add a
     * empty zone for it.
     */
    result = dns_fwdtable_find(view->fwdtable, name,
                               &forwarders);
    if (result == ISC_R_SUCCESS &&
        forwarders->fwdpolicy == dns_fwdpolicy_only)
            continue;

For me as a user, it is kind of confusing and inconvenient that empty zones are enabled even for dns_fwdpolicy_first, because it effectively means that forwarding is not working for automatic empty zones. Typically I have to manually disable empty zones when a global forwarder (for the root zone) is configured as a traffic optimization measure, while full recursion is used as a fallback.

In other words, the gotcha is that the condition 'we would forward this name' is fulfilled also when forward policy 'first' is used.

Would it be possible to relax the condition to

    forwarders->fwdpolicy != dns_fwdpolicy_none

?

That would match my expectation as a user - i.e. when I configure forwarding for all zones, it should be respected.

I can see the potential problem with leaking queries when all configured forwarders fail, but given that this would happen only in a (hopefully rare) error state, I think it is a good trade-off for usability.

If this 'simple' fix is not acceptable, I can write a patch which would replace the automatic empty zone with a forward 'zone' with policy 'only' and addresses taken from the parent forward zone with policy 'first', if you wish.

Thank you for considering this.

-- 
Petr Spacek @ Red Hat
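
The effect of the two conditions discussed in the message above, as an added C model that is not part of the original message and is not BIND source. The enum, table and function names are hypothetical, the forward table is constructed, and the lookup is assumed to return the closest enclosing forward entry.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not BIND source: names are absolute, lower-case, dot-terminated. */
typedef enum { FWD_NONE, FWD_FIRST, FWD_ONLY } fwd_policy;
typedef struct { const char *zone; fwd_policy policy; } fwd_entry;

/* Constructed forward table: a global "first" forwarder, one "only" zone,
 * and one subtree where forwarding is switched off. */
static const fwd_entry fwd_table[] = {
    { ".",                     FWD_FIRST },
    { "168.192.in-addr.arpa.", FWD_ONLY  },
    { "16.172.in-addr.arpa.",  FWD_NONE  },
};

/* True if name equals zone or lies below it (match must start on a label boundary). */
static int in_zone(const char *name, const char *zone) {
    size_t n = strlen(name), z = strlen(zone);
    if (strcmp(zone, ".") == 0) return 1;
    if (z > n || strcmp(name + n - z, zone) != 0) return 0;
    return n == z || name[n - z - 1] == '.';
}

/* Closest enclosing forward entry, or NULL (assumed lookup semantics). */
static const fwd_entry *fwd_find(const char *name) {
    const fwd_entry *best = NULL;
    for (size_t i = 0; i < sizeof fwd_table / sizeof fwd_table[0]; i++)
        if (in_zone(name, fwd_table[i].zone) &&
            (!best || strlen(fwd_table[i].zone) > strlen(best->zone)))
            best = &fwd_table[i];
    return best;
}

/* Condition quoted in the message: skip the empty zone only for policy "only". */
int creates_empty_zone_current(const char *name) {
    const fwd_entry *f = fwd_find(name);
    return !(f && f->policy == FWD_ONLY);
}

/* Condition proposed in the message: skip for any policy other than "none". */
int creates_empty_zone_proposed(const char *name) {
    const fwd_entry *f = fwd_find(name);
    return !(f && f->policy != FWD_NONE);
}

int main(void) {
    const char *names[] = { "10.in-addr.arpa.", "168.192.in-addr.arpa.", "16.172.in-addr.arpa." };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s current=%d proposed=%d\n", names[i],
               creates_empty_zone_current(names[i]), creates_empty_zone_proposed(names[i]));
    return 0;
}
```

Only the name covered solely by the global 'first' forwarder changes: it loses its empty zone under the proposed condition, which is where the query leak mentioned in the message can occur if every forwarder fails.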