Re: enable DNS

At 15:49 6/12/2004, Kenneth Porter wrote:
On a network with restricted access to the Internet, this makes sense, as you reduce the use of the scarce resource, your small pipe. For a machine with a broadband or better connection, you would suffer the cost of the extra hop going through a forwarder if there's a cache miss, which makes performance highly dependent on the characteristics of your forwarder's cache. It also makes you vulnerable to misconfiguration of the forwarder. (Ask Comcast/ATTBI customers about that when it happened a couple years ago for a couple months and screwed up Win2k users. Win2k's client caching resolver locks to the first server returning a reply, and it would randomly lock to ATTBI servers with bad information.) A root hints system removes your forwarders as points of failure. You bypass them and go straight to the authoritative servers for each domain.

Kenneth, while your comment is technically correct, in my not-so-humble opinion it is a very poor recommendation to give others. Having every nickel-and-dime home network go straight to the root servers is going to create exponential growth of the load on those servers; the fact that large backbone providers serve ISPs who in turn serve their customers is one of the things that helps make the Internet scalable.


As an example: say there are only three layers of service providers between the typical home/SOHO/smallbiz network and the root servers. If there were only 1,000 companies in each layer (which is ridiculously small) and only 5% of the typical small networks went straight to the root servers, then one can see that out of 1,000,000,000 (one billion) small networks, there would now be an additional 50,000,000 (fifty million) small networks directly querying the root servers. Those numbers add up, man.

For the huge majority of people, the *proper* way to configure a caching-nameserver is to set up one or two forwarders to be checked first before going to the root servers. The additional penalty in speed is in milliseconds (which those small networks won't even notice), and the potential for cache poisoning, while real, is also tiny. I very, very strongly disagree with your advice: it is technically correct and valid, but sadly lacking in netiquette and good network design.

Cheers,


-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
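
The forwarder-first setup discussed in this message, written as a BIND `named.conf` fragment. This is an added example, not part of the original post; the forwarder addresses are documentation placeholders, and the directory and hints file name are assumptions.

```conf
// named.conf fragment (constructed example, not from the thread)
options {
    directory "/var/named";      // assumed working directory

    // Upstream resolvers to ask on a cache miss. Placeholders from the
    // RFC 5737 documentation range; substitute your provider's servers.
    forwarders { 192.0.2.1; 192.0.2.2; };

    // "first": query the forwarders, and if they do not answer, resolve
    // iteratively starting from the root hints below. With "only" there
    // is no fallback, so the forwarders become a hard point of failure.
    forward first;
};

// Root hints. Used for the fallback path above. If the "forwarders" and
// "forward" lines are removed, every cache miss is resolved from here,
// which is the root-hints-only setup the quoted message describes.
zone "." IN {
    type hint;
    file "named.ca";             // assumed hints file name
};
```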


