Re: Named Servers
WS> This config is flawed. If your pointing your root-hints to
WS> the internal root, then any uncached internal query will first
WS> need to fail at the forwarder, then will be sent to the internal
WS> root using root hints. This delay is multiplied if using
WS> multiple forwarders to an ISP for example. Not the way this
WS> should be setup IMO.
Indeed, that's not even its _major_ flaw. The major flaw is that,
unpredictably, according to whether or not it is able to query the forwardee
successfully, the internal proxy DNS server recurses to one of two different
(sets of) DNS servers which present two different views of the DNS database.
This is a recipe for utter disaster.