Forwarding/delegated subdomains in BIND 8.3.1

Kevin Darcy kcd at daimlerchrysler.com
Mon Jun 10 22:56:42 UTC 2002


chris.mielke at drake.edu wrote:

> I am trying to delegate the four Active Directory subdomains
> (_tcp,_udp,_sites and _msdcs) from BIND 8.3.1 to Microsoft DNS servers.
> Here's an excerpt of the named.conf files running on my primary and
> secondary DNS servers including info for the AD domain:
> ----------------------------------------------------------
> // Primary DNS
> // BIND 8.3.1 configuration file
> options {
>         directory "/etc/namedb";
>         forwarders { 207.100.190.14; 207.100.190.43; };
>         forward only;
> };
> zone "mydomain.edu" {
>         type master;
>         file "named.hosts";
>         forwarders {};          // Prevents forwarding for subdomains
>         check-names ignore;     // Allows underscores in hostnames
>         allow-update { none; };
> };
> -----------------------------------------------------------
> // Secondary DNS
> // BIND 8.3.1 configuration file
> options {
>         directory "/etc/namedb";
>         forwarders { 207.100.190.14; 207.100.190.43; };
>         forward only;
> };
> zone "mydomain.edu" {
>         type slave;
>         file "named.hosts.bak";
>         masters { 10.1.0.26; };
> //      forwarders {};          // Prevents forwarding for subdomains
>         check-names ignore;     // Allows underscores in hostnames
>         allow-update { none; };
> };
> --------------------------------------------------------------
> The delegation works great from the Primary DNS server, but when a query is
> sent to the Secondary DNS server the request is sent to the forwarders which
> have no knowledge of the delegated zones. At first glance you would think I
> need to uncomment the forwarders {} option in the named.conf on the
> Secondary DNS server, but when I do so it begins forwarding all requests for
> mydomain.edu to the forwarders. Does anyone know what I need to do to get my
> secondary DNS server to answer for mydomain.edu, but forward requests for
> the delegated zones (_tcp.mydomain.edu, _udp.mydomain.edu, etc.) to the
> Microsoft DNS servers the same way my primary DNS server is?

What you describe makes no sense. "forwarders { }" should turn off forwarding
for the whole domain. At this point, if it were me, I'd be rolling up my
sleeves and generating/analyzing debug output...


- Kevin
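A way to compare the two servers' configurations before turning to debug output, as an added example that is not part of the original thread: the script reports, for each master or slave zone in a named.conf, whether a zone-level `forwarders` statement is present or the global one is inherited. The function names are hypothetical, the sample is constructed from the secondary's configuration quoted above, and the parser assumes no `include` statements and no comment markers inside quoted strings.

```python
import re

# Constructed sample: forwarding-related lines of the secondary's named.conf in the post.
SECONDARY_CONF = """
options {
        forwarders { 207.100.190.14; 207.100.190.43; };
        forward only;
};
zone "mydomain.edu" {
        type slave;
//      forwarders {};          // Prevents forwarding for subdomains
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */ comments
    return re.sub(r"(//|#)[^\n]*", "", text)            # // and # comments

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def forwarder_list(body):
    """None if the block has no forwarders statement, else its address list."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    return None if m is None else [a for a in re.split(r"[;\s]+", m.group(1)) if a]

def audit_forwarding(conf):
    """Map each master/slave zone name to how forwarding is configured for it."""
    text = strip_comments(conf)
    opt = re.search(r"\boptions\s*\{", text)
    global_fwd = forwarder_list(block_body(text, opt.end() - 1)) if opt else None
    result = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        body = block_body(text, z.end() - 1)
        ztype = re.search(r"\btype\s+(\w+)", body)
        if not ztype or ztype.group(1) not in ("master", "slave"):
            continue
        fwd = forwarder_list(body)
        if fwd is None:
            result[z.group(1)] = "inherits global forwarders" if global_fwd else "no forwarders"
        else:
            result[z.group(1)] = "zone forwarders set" if fwd else "forwarding disabled for zone"
    return result
```

Calling `audit_forwarding()` on the text of each server's named.conf gives one status per authoritative zone, so a difference between primary and secondary shows up as a differing status string.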




