Forwarding from delegated zone not working
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Tue Oct 10 15:43:31 UTC 2017
But surely you’d get an NXDOMAIN in that case, not a SERVFAIL.
The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter.
- Kevin
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Ben Croswell
Sent: Tuesday, October 10, 2017 11:38 AM
To: seanliam73 <sean.oreilly at landg.com>
Cc: bind-users at lists.isc.org
Subject: Re: Forwarding from delegated zone not working
If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist.
On Oct 10, 2017 11:22 AM, "seanliam73" <sean.oreilly at landg.com> wrote:
Hi
I have a subdomain delegated from AD to a bind9 instance I have running
so that all requests for that subdomain are sent to the bind 9 instance. I
would then like to set up zone forwarding so that further subdomains can be
managed by other bind 9 instances.
I know the forwarding is working because I can query the main bind9 instance
and receive the expected results. However, if I query from the AD server that
is doing the delegation I get a SERVFAIL error.
Am I trying to do something that is not possible or am I just missing some
configuration?
*main instance config*
options {
    directory "/var/named";
    listen-on port 53 { listen addr; };
    auth-nxdomain yes;
    recursion yes;
    allow-query { ip addresses; };
    listen-on-v6 { any; };
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity debug 3;
    };
    channel querylog {
        file "data/query.log";
        severity debug 5;
    };
    category default { default_debug; };
    category queries { querylog; };
};
zone "example.company.com" IN {
    type forward;
    forward only;
    forwarders { ip address; };
};
zone "development.example.company.com" IN {
    type forward;
    forward only;
    forwarders { ip address; };
};
--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/
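
The point in Kevin Darcy's reply, that a delegation pointed at a forwarding-only instance is a non-starter, can be checked with dig; the script below is an added example, not part of the original thread. It assumes that a server following an NS delegation queries with RD=0 and that BIND consults `type forward` zones only while recursing; the function names and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Compares a server's reply to an
# iterative query (RD=0, sent by a parent following an NS delegation) with
# its reply to a recursive query (RD=1, sent by a client or a forwarder).

# Constructed `dig +noall +comments` output, for offline use.
SAMPLE_FORWARDER_RD0=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1'
SAMPLE_AUTH_RD0=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2'

# Reads dig header comments on stdin, prints "<status> <aa|noaa> <answers>".
summarize_reply() {
    awk '
        BEGIN { s = "NORESPONSE"; aa = "noaa"; n = 0 }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,/, "", s) }
        }
        /^;; flags:/ {
            split($0, part, ";")              # part[3] holds " flags: qr aa ..."
            if (part[3] ~ / aa( |$)/) aa = "aa"
            for (i = 1; i < NF; i++) if ($i == "ANSWER:") { n = $(i + 1); sub(/,/, "", n) }
        }
        END { print s, aa, n }'
}

# Takes the RD=0 summary; only an authoritative reply makes a delegation usable.
delegation_verdict() {
    case "$1" in
        "NOERROR aa "*|"NXDOMAIN aa "*) echo "ok: authoritative answer" ;;
        *) echo "lame: no authoritative answer to RD=0" ;;
    esac
}

# usage: probe <server-ip> <name>   (needs dig and network access)
probe() {
    iter=$(dig +norecurse +noall +comments "@$1" "$2" A | summarize_reply)
    rec=$(dig +recurse +noall +comments "@$1" "$2" A | summarize_reply)
    echo "RD=0: $iter"
    echo "RD=1: $rec"
    delegation_verdict "$iter"
}

if [ "$#" -eq 2 ]; then probe "$1" "$2"; fi
```

Run it with the BIND instance's address and a name inside the delegated subdomain; a usable RD=1 line next to a "lame" verdict matches the symptom in the thread, where direct queries work and queries through the delegating server fail.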