Zone hints for VPN environments
Tony Finch
dot at dotat.at
Mon Feb 15 10:58:02 UTC 2016
Andreas Meile <mailingliste at andreas-meile.ch> wrote:
> The question is: How can I place the ActiveDirectory DNS as forwarder DNS
> server in such a way that it is responsible for a specific DNS zone only?
You very nearly have the right idea, but you are trying to use the wrong
zone type. There are a few options that can work in your situation:
type stub - The "masters" you specify must be authoritative for the zone.
Your server fetches the NS records from the masters and resolves
names for the zone using these NS records. This is a bit like a
hint zone, except hints are only for the root zone.
type static-stub - You specify "server-addresses" or "server-names" which
must be authoritative for the zone. These servers are used
directly, ignoring the zone's NS records. This might work better
than a stub zone if your network disagrees with the zone contents
because of NAT.
type forward - You specify "forwarders" which must be recursive servers
that know how to resolve names in the zone.
There are more details about zone types in the ARM at
http://ftp.isc.org/isc/bind9/9.10.3-P3/doc/arm/Bv9ARM.ch06.html#id2595082
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Biscay: Northeast 6 to gale 8, decreasing 4 or 5 later. Very rough or high,
becoming rough or very rough. Showers. Good, occasionally poor.
More information about the bind-users
mailing list