Question regarding configuring a forward zone

Bell, William IT WBell at mvphealthcare.com
Fri Mar 12 23:19:48 UTC 2004


Hi all,
I've been reading the DNS & BIND book, and I've done a search online, but I
can't seem to find an answer to my specific question...

We currently have a mix of two DNS environments on our LAN: Windows DNS &
BIND (on Unix).  Unfortunately, this is due to the fact that we're migrating
our internal DNS to Windows because of our new AD implementation (our
internet DNS will remain on BIND however!)

To facilitate this migration, we're putting/migrating all the "new" DNS
entries into a subdomain of our new company name (hq.company.com) that is
served by Windows AD/DNS.  Note that our external (internet) DNS also has
the same "root" domain (company.com) as our new internal subdomain
(hq.company.com).

The old internal domain (oldcompany.com), and a very small part of the
internet domain (for internal access to servers in our DMZ), is still served
by BIND.  This includes everything that has not been migrated, including all
the Unix servers and network switches/routers/firewalls.

When we're done with this migration, all internal hosts will be in the new
subdomain (hq.company.com) and the old internal domain (oldcompany.com) will
be turned off.

We thought that in order to keep the DNS/hosts in the subdomain visible to
the hosts served by BIND during the migration, we would just put a forward
zone in the named.conf file to forward any queries for the new subdomain to
the WinDNS servers.  However, when I tried doing this, the queries failed.
Not sure what I'm doing wrong here...

Here's the pertinent part of my named.conf file:
----------------------------------------------------------------------
acl "trusted" {
        10.0.0.0/8;
        localhost;
};

include "/etc/rndc.key";

server 10.14.5.111 {
       keys { ns1-ns2 ;};
};

options {
        directory "/var/named";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
        dump-file "/var/run/named.dump";

        version "Off with your head!";
        query-source address * port 53;

        allow-query { trusted; };
        allow-recursion { trusted; };

        // IP addresses of Internet nameservers authoritative for
        // our internet namespace; these are our forwarders.
        forwarders {
                218.52.204.86;
                218.16.33.182;
                64.132.95.50;
                136.92.94.12;
        };
        forward only;

        notify yes;
        interface-interval 0;
        transfer-format many-answers;
        max-transfer-time-in 60;
        max-transfer-time-out 60;
};

controls {
        inet * allow { localhost; 10.14.5.111; } keys { rndc-key; ns1-ns2 ; };
};

zone "oldcompany.com" {
        type master;
        file "db.oldcompany";
        allow-transfer { key ns1-ns2; };
        also-notify { 10.14.5.111; };
};

zone "10.in-addr.arpa" {
        type master;
        file "db.10";
        allow-transfer { key ns1-ns2; };
        also-notify { 10.14.5.111; };
};

zone "hq.company.com" {
        type forward;
        forwarders {10.14.6.7; 10.14.5.202; 10.14.6.5; };
};

zone "company.com" {
        type master;
        file "db.company";
        allow-transfer { key ns1-ns2; };
        also-notify { 10.14.5.111; };
};

...
----------------------------------------------------------------------

Any advice would be greatly appreciated.

Regards,
-Bill
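
Added example, not part of the original post: BIND answers names under a zone it is authoritative for from that zone's own data, so a forward zone below a locally mastered parent is only consulted when the parent zone file delegates the child with NS records. This Python sketch flags such zone pairs in a named.conf; SAMPLE_CONF is constructed from the zone statements above, the function names are hypothetical, and whether db.company actually contains a delegation for hq cannot be seen from the post.

```python
import re

# Constructed sample: the zone statements from the named.conf quoted above.
SAMPLE_CONF = '''
zone "oldcompany.com" { type master; file "db.oldcompany"; };
zone "10.in-addr.arpa" { type master; file "db.10"; };
zone "hq.company.com" {
        type forward;   // child of company.com, which is mastered below
        forwarders {10.14.6.7; 10.14.5.202; 10.14.6.5; };
};
zone "company.com" { type master; file "db.company"; };
'''

AUTHORITATIVE = {"master", "slave", "primary", "secondary"}

def parse_zones(conf):
    """Return {zone_name: type} for every zone statement in named.conf text."""
    # Strip //, # and /* */ comments (assumes none of these occur inside strings).
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf, re.I):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        t = re.search(r'\btype\s+([\w-]+)\s*;', body, re.I)
        if t:
            zones[m.group(1).lower().rstrip('.')] = t.group(1).lower()
    return zones

def shadowed_forward_zones(zones):
    """Return (forward_zone, closest_authoritative_ancestor) pairs."""
    findings = []
    for name, ztype in zones.items():
        if ztype != "forward":
            continue
        labels = name.split('.')
        for k in range(1, len(labels)):         # nearest ancestor first
            parent = '.'.join(labels[k:])
            if zones.get(parent) in AUTHORITATIVE:
                findings.append((name, parent))
                break
    return findings

if __name__ == "__main__":
    for child, parent in shadowed_forward_zones(parse_zones(SAMPLE_CONF)):
        print(f'forward zone "{child}" sits under authoritative zone "{parent}": '
              f'check that {parent} delegates it with NS records')
```
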

