Delegation (to Active Directory DNS) woes
Mark Andrews
Mark_Andrews at isc.org
Tue Oct 11 14:50:58 UTC 2005
> I'm setting up a hybrid DNS in which all IP to name resolving is done in BIND
> on Linux, and the specific Active Directory stuff is delegated to our domain
> controllers. What I'm trying to do is a simple delegation of the Microsoft
> specific subdomains (for example _tcp) to another machine.
>
> I've got a BIND server (linda) who's auth. for:
> company.be
> site1.company.be
> site2.company.be
>
> I want to delegate _tcp.company.be to another server (willow) who is in the
> company.be namespace.
>
> Here's part of the zone file on linda for the company.be zone:
>
> $TTL 3D
> @               IN SOA  linda.company.be. hostmaster.company.be. (
>                         1126260125 ;
>                         8H ;
>                         1H ;
>                         4W ;
>                         1D ) ;
> ;
>                 NS      linda.company.be. ;
>                 MX      10 mx.company.be. ;
> ;
> localhost       A       127.0.0.1
> ;
> willow          A       10.10.1.220
> linda           A       10.10.1.221
> hostmaster      CNAME   linda
> frank           A       10.10.1.24
> _tcp.company.be NS      willow.company.be.
>
>
> This doesn't work. I've added the following in the named.conf file since that
> was suggested in some earlier posts about delegation:
>
> zone "company.be" {
>         type master;
>         notify no;
>         file "db.company";
>         forwarders { /* empty */ };
> };
> zone "_tcp.company.be" {
>         type forward;
>         forwarders { 10.1001.220; };
> };
>
>
> But when I do `dig -t ns _tcp.company.be` it doesn't find an answer and the
> delegation is not working.
> I just can't see why it doesn't. Maybe someone else does?
>
> Kind regards,
>
> Joost

You are testing the complete system with the query above.
You need to break things down and test each part.

First thing make sure the server for the delegated zone
is properly configured. Use
"dig -t ns _tcp.company.be @10.10.1.220 +norec" to test.

Next remove the zone declaration for _tcp.company.be
as it is not needed.

Then test the delegation information with
"dig -t ns _tcp.company.be +norec".

Then test that you can follow the delegation with
"dig -t ns _tcp.company.be".

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
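
Added example, not part of the original messages and not ISC code: a shell helper that labels a dig response, so each test in the reply above can be read at a glance (a direct +norec query to the delegated server should come back authoritative, a +norec query to the parent should come back as a referral). The function name, the labels and the two sample responses are constructed for illustration.

```shell
# classify_dig: read one dig response on stdin and print what it says about a
# delegation: authoritative | referral | nonauth-answer | nodata | nxdomain |
# error:<rcode> | no-response
classify_dig() {
    awk '
    /->>HEADER<<-/ {
        for (i = 1; i < NF; i++) if ($i == "status:") { rcode = $(i+1); sub(/,/, "", rcode) }
    }
    /^;; flags:/ {
        flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
        aa = ((" " flags " ") ~ / aa /)    # authoritative-answer bit
        for (i = 1; i < NF; i++) if ($i == "ANSWER:") answers = $(i+1) + 0
    }
    /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
    /^$/                     { in_auth = 0 }
    in_auth && $4 == "NS"    { auth_ns++ }
    END {
        if (rcode == "")               print "no-response"
        else if (rcode == "NXDOMAIN")  print "nxdomain"
        else if (rcode != "NOERROR")   print "error:" rcode
        else if (aa && answers)        print "authoritative"
        else if (!aa && !answers && auth_ns) print "referral"
        else if (answers)              print "nonauth-answer"
        else                           print "nodata"
    }'
}

# Constructed sample: the delegated server answering for its own zone (aa set).
sample_child_authoritative() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
_tcp.company.be. 3600 IN NS willow.company.be.
EOF
}

# Constructed sample: the parent server handing back a referral (no aa, NS in AUTHORITY).
sample_parent_referral() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
_tcp.company.be. 259200 IN NS willow.company.be.
EOF
}
```

Against live servers, pipe each of the three dig commands from the reply into it, for example `dig -t ns _tcp.company.be @10.10.1.220 +norec | classify_dig`.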