Forwarding/delegated subdomains in BIND 8.3.1
Kevin Darcy
kcd at daimlerchrysler.com
Mon Jun 10 22:56:42 UTC 2002
chris.mielke at drake.edu wrote:
> I am trying to delegate the four Active Directory subdomains
> (_tcp,_udp,_sites and _msdcs) from BIND 8.3.1 to Microsoft DNS servers.
> Here's an excerpt of the named.conf files running on my primary and
> secondary DNS servers including info for the AD domain:
> ----------------------------------------------------------
> // Primary DNS
> // BIND 8.3.1 configuration file
> options {
>     directory "/etc/namedb";
>     forwarders { 207.100.190.14; 207.100.190.43; };
>     forward only;
> };
> zone "mydomain.edu" {
>     type master;
>     file "named.hosts";
>     forwarders {}; // Prevents forwarding for subdomains
>     check-names ignore; // Allows underscores in hostnames
>     allow-update { none; };
> };
> -----------------------------------------------------------
> // Secondary DNS
> // BIND 8.3.1 configuration file
> options {
>     directory "/etc/namedb";
>     forwarders { 207.100.190.14; 207.100.190.43; };
>     forward only;
> };
> zone "mydomain.edu" {
>     type slave;
>     file "named.hosts.bak";
>     masters { 10.1.0.26; };
>     // forwarders {}; // Prevents forwarding for subdomains
>     check-names ignore; // Allows underscores in hostnames
>     allow-update { none; };
> };
> --------------------------------------------------------------
> The delegation works great from the Primary DNS server, but when a query is
> sent to the Secondary DNS server the request is sent to the forwarders which
> have no knowledge of the delegated zones. At first glance you would think I
> need to uncomment the forwarders {} option in the named.conf on the
> Secondary DNS server, but when I do so it begins forwarding all requests for
> mydomain.edu to the forwarders. Does anyone know what I need to do to get my
> secondary DNS server to answer for mydomain.edu, but forward requests for
> the delegated zones (_tcp.mydomain.edu, _udp.mydomain.edu, etc.) to the
> Microsoft DNS servers the same way my primary DNS server is?
What you describe makes no sense. "forwarders { }" should turn off forwarding
for the whole domain. At this point, if it were me, I'd be rolling up my
sleeves and generating/analyzing debug output...
- Kevin
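
An added example, not part of the original thread: a small Python check of which forwarders list each zone in a named.conf ends up with, assuming a zone-level `forwarders` statement overrides the global list and an empty list disables forwarding for that zone. The function names and the simple regex parsing are illustrative, and the sample input is the two excerpts from the post, abridged.

```python
import re

# Constructed sample input: the two named.conf excerpts quoted in the post, abridged.
PRIMARY = '''
options {
    forwarders { 207.100.190.14; 207.100.190.43; };
    forward only;
};
zone "mydomain.edu" {
    type master;
    file "named.hosts";
    forwarders {};            // Prevents forwarding for subdomains
    check-names ignore;
};
'''
SECONDARY = '''
options {
    forwarders { 207.100.190.14; 207.100.190.43; };
    forward only;
};
zone "mydomain.edu" {
    type slave;
    file "named.hosts.bak";
    masters { 10.1.0.26; };
    // forwarders {};         // Prevents forwarding for subdomains
    check-names ignore;
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)  # simplistic: assumes no // or # inside strings

def forwarders_in(body):
    """Return the forwarders list in a block body, or None if no statement is present."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    return None if m is None else m.group(1).replace(';', ' ').split()

def effective_forwarders(conf):
    """Map each zone to its own forwarders list if it has one, else the global list."""
    conf = strip_comments(conf)  # top-level blocks are assumed to close with "};" at line start
    opts = re.search(r'\boptions\s*\{(.*?)\n\};', conf, flags=re.S)
    global_fw = (forwarders_in(opts.group(1)) if opts else None) or []
    result = {}
    for name, body in re.findall(r'\bzone\s+"([^"]+)"[^{]*\{(.*?)\n\};', conf, flags=re.S):
        own = forwarders_in(body)
        result[name] = global_fw if own is None else own
    return result
```

Run over the two excerpts, the primary's zone reports an empty list, while the secondary's zone, where the statement is commented out, reports the two global forwarders.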