Forwarding/delegated subdomains in BIND 8.3.1

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Jun 11 12:49:35 UTC 2002 

chris.mielke at drake.edu wrote:

> I am trying to delegate the four Active Directory subdomains
> (_tcp,_udp,_sites and _msdcs) from BIND 8.3.1 to Microsoft DNS servers.
> Here's an excerpt of the named.conf files running on my primary and
> secondary DNS servers including info for the AD domain:
> ----------------------------------------------------------
> // Primary DNS
> // BIND 8.3.1 configuration file
> options {
>         directory "/etc/namedb";
>         forwarders { 207.100.190.14; 207.100.190.43; };
>         forward only;
> };
> zone "mydomain.edu" {
>         type master;
>         file "named.hosts";
>         forwarders {};          // Prevents forwarding for subdomains
>         check-names ignore;     // Allows underscores in hostnames
>         allow-update { none; };
> };
> -----------------------------------------------------------
> // Secondary DNS
> // BIND 8.3.1 configuration file
> options {
>         directory "/etc/namedb";
>         forwarders { 207.100.190.14; 207.100.190.43; };
>         forward only;
> };
> zone "mydomain.edu" {
>         type slave;
>         file "named.hosts.bak";
>         masters { 10.1.0.26; };
> //      forwarders {};          // Prevents forwarding for subdomains
>         check-names ignore;     // Allows underscores in hostnames
>         allow-update { none; };
> };
> --------------------------------------------------------------
> The delegation works great from the Primary DNS server, but when a query is
> sent to the Secondary DNS server the request is sent to the forwarders which
> have no knowledge of the delegated zones. At first glance you would think I
> need to uncomment the forwarders {} option in the named.conf on the
> Secondary DNS server, but when I do so it begins forwarding all requests for
> mydomain.edu to the forwarders. Does anyone know what I need to do to get my
> secondary DNS server to answer for mydomain.edu, but forward requests for
> the delegated zones (_tcp.mydomain.edu, _udp.mydomain.edu, etc.) to the
> Microsoft DNS servers the same way my primary DNS server is?

I am not sure what you are trying to accomplish.  What I did for the
11 sets of "_" zones I have on my w2k DNS box is this:

1) In each parent zone xxx.anl.gov I added these lines:

        _msdcs          IN      NS      rhino221.anl.gov.
        _sites          IN      NS      rhino221.anl.gov.
        _tcp            IN      NS      rhino221.anl.gov.
        _udp            IN      NS      rhino221.anl.gov.

2) As my master DNS servers are "hidden" masters, I defined these zones
   to my four slaves (the machines that every computer has in the
   TCP/IP configuration as DNS servers).  Users do not have to make
   any changes to their DNS configurations because all of the anl.gov
   zones reside on dns1.anl.gov and dns2.anl.gov.

----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list