I am trying to figure out how to configure BIND 9.x and have come across these two questions.

In the example files there is a tag named "forwarders" which I am a bit confused about. As I understand things, *named* will, by default, resolve on behalf of clients by querying other name servers on the Internet looking for the domain name the client has requested. If I set *forwarders* to a list of DNS servers, then my DNS server will ask these servers for the query results. This works whether or not I have the *forward* variable explicitly set. If I have a null *forwarders* list then my DNS server will look for answers on the basis of the root.hints file.

In either case, if my internal hosts have their /etc/resolv.conf set to the IP Address of my DNS server, then my internal hosts will not be hitting other DNS servers directly. They will ask my server for an answer and it will do the rest of the work. This is the default behavior, but it can be changed.

This paragraph from _The Bind 9 Administrator's Reference Manual_ ( http://www.nominum.com/resources/documentation/ ) seems to contradict that understanding:

"1.4.3.4 Forwarding Server

"Instead of interacting with the nameservers for the root and other domains, a forwarding server always forwards queries it cannot satisfy from its authoritative data or cache to a fixed list of other servers. The forwarded queries are also known as recursive queries, the same type as a client would send to a server. There may be one or more servers forwarded to, and they are queried in turn until the list is exhausted or an answer is found. A forwarding server is typically used when you do not wish all the servers at a given site to interact with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server's behalf. An added benefit of using the forwarding feature is that the central machine develops a much more complete cache of information that all the workstations can take advantage of."

The above paragraph makes me think that hosts would go out on the internet looking for answers if they didn't get them from my DNS server. Can anybody clarify this for me?

In summary, my first question is as follows: what is the default behavior of the clients and DNS servers within my zone with respect to resolutions which go outside of my zone?

My second question is something I believe I should know the answer to, but I have never understood it. This is the 168.117.138.0/24 notation. I believe /24 means the same as a net mask of 255.255.255.0; the 24 indicates the number of bits counting from the left which are masked. 255.255.255.0 base 10 = 11111111.11111111.11111111.00000000 which has 24 '1's. Is this correct?

TIA,
Steve

--
What is Truth? Truth is something so noble that if God could turn aside from it, I could keep to the Truth and let God go.
-- Meister Eckhart
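
The forwarding arrangement described in the quoted manual paragraph, sketched as two named.conf fragments. This is an added example, not part of the original post or of the BIND manual; the addresses (192.0.2.0/24 as the internal network, 192.0.2.1 as the central server) and the /var/named directory are constructed assumptions.

```bind
// ---- Fragment 1: an internal server behind the firewall ----
// Constructed addresses: 192.0.2.0/24 is the internal network
// (24 leading mask bits, i.e. netmask 255.255.255.0).
acl "internal" { 192.0.2.0/24; 127.0.0.1; };

options {
    directory "/var/named";

    // Answer recursive queries for internal clients only, so the
    // server is not usable as an open resolver.
    recursion yes;
    allow-recursion { "internal"; };

    // Send anything not answerable from authoritative data or cache
    // to the central server.
    forwarders { 192.0.2.1; };

    // "forward first" (the default when forwarders is non-empty) tries
    // the forwarders and, if they do not answer, falls back to
    // iterating from the root hints itself.
    // "forward only" never queries other servers directly, which is
    // what a server that cannot pass the firewall needs.
    forward only;
};

// ---- Fragment 2: the central server at 192.0.2.1 ----
// Same "internal" acl as above. With no forwarders statement it
// resolves by iterating from the root servers listed in the hints file.
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { "internal"; };
};

zone "." {
    type hint;
    file "root.hints";
};
```

Clients in both cases only carry the address of their local server in /etc/resolv.conf; the `forward` setting changes where that server looks, not where the clients look.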