BIND ARM incorrectly documents the processing of forwarders (still has the pre 9.3.0 explanation)
This should be easy to fix.
In BIND 9.16 ARM I am reading in section 1.4.5 (Caching Name Servers):
Forwarding
Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it
can forward some or all of the queries that it cannot satisfy from its cache to another caching name server,
commonly referred to as a forwarder.
There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is
found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly
with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and
an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that
can do it, and that server would query the Internet DNS servers on the internal server’s behalf.This changed in 9.3.0 with this:
- [func] Use response times to select forwarders.
And it has been asked about and discussed by users many times since, so I'm quite surprised the ARM is still wrong.
This ancient bug ticket asked for an update to the documentation, but it was never actioned and eventually closed in a stale bugs ticket cleanup:
https://bugs.isc.org/Ticket/Display.html?id=16518
The submitter also suggests consulting of an RBL as another use case for forwarding worth documenting (we've seen this in action recently on a customer site) - so that might also be added to this section.
None of the options actually detail how the list of forwarders is used, so it's only in this section that we need to elaborate on it.
See also customer submitted ticket #16812