Question regarding configuring a forward zone

Kevin Darcy kcd at daimlerchrysler.com
Sat Mar 13 00:22:19 UTC 2004


Is hq.company.com properly delegated from company.com?

                                                                         
                                 - Kevin

Bell, William IT wrote:

>Hi all,
>I've been reading the DNS & BIND book, and I've done a search online, but I
>can't seem to find an answer to my specific question...
>
>We currently have a mix of two DNS environments on our LAN: Windows DNS &
>BIND (on Unix).  Unfortunately, this is due to the fact that we're migrating
>our internal DNS to Windows because of our new AD implementation (our
>internet DNS will remain on BIND however!)
>
>To facilitate this migration, we're putting/migrating all the "new" DNS
>entries into a subdomain of our new company name (hq.company.com) that is
>served by Windows AD/DNS.  Note that our external (internet) DNS also has
>the same "root" domain (company.com) as our new internal subdomain
>(hq.company.com).
>
>The old internal domain (oldcompany.com), and a very small part of the
>internet domain (for internal access to servers in our DMZ), is still served
>by BIND.  This includes everything that has not been migrated, including all
>the Unix servers and network switches/routers/firewalls.
>
>When we're done with this migration, all internal hosts will be in the new
>subdomain (hq.company.com) and the old internal domain (oldcompany.com) will
>be turned off.
>
>We thought that in order to keep the DNS/hosts in the subdomain visible to
>the hosts served by BIND during the migration, we would just put a forward
>zone in the named.conf file to forward any queries for the new subdomain to
>the WinDNS servers.  However, when I tried doing this, the queries failed.
>Not sure what I'm doing wrong here...
>
>Here's the pertinent part of my named.conf file:
>----------------------------------------------------------------------
>acl "trusted" {
>        10.0.0.0/8;
>        localhost;
>};
>
>include "/etc/rndc.key";
>
>server 10.14.5.111 {
>       keys { ns1-ns2 ;};
>};
>
>options {
>        directory "/var/named";
>        pid-file "/var/run/named.pid";
>        statistics-file "/var/run/named.stats";
>        dump-file "/var/run/named.dump";
>
>        version "Off with your head!";
>        query-source address * port 53;
>
>        allow-query { trusted; };
>        allow-recursion { trusted; };
>
>        // IP addresses of Internet nameservers authoritative for
>        // our internet namespace; these are our forwarders.
>        forwarders {
>                218.52.204.86;
>                218.16.33.182;
>                64.132.95.50;
>                136.92.94.12;
>        };
>        forward only;
>
>        notify yes;
>        interface-interval 0;
>        transfer-format many-answers;
>        max-transfer-time-in 60;
>        max-transfer-time-out 60;
>};
>
>controls {
>        inet * allow { localhost; 10.14.5.111; } keys { rndc-key; ns1-ns2 ; };
>};
>
>zone "oldcompany.com" {
>        type master;
>        file "db.oldcompany";
>        allow-transfer { key ns1-ns2; };
>        also-notify { 10.14.5.111; };
>};
>
>zone "10.in-addr.arpa" {
>        type master;
>        file "db.10";
>        allow-transfer { key ns1-ns2; };
>        also-notify { 10.14.5.111; };
>};
>
>zone "hq.company.com" {
>        type forward;
>        forwarders {10.14.6.7; 10.14.5.202; 10.14.6.5; };
>};
>
>zone "company.com" {
>        type master;
>        file "db.company";
>        allow-transfer { key ns1-ns2; };
>        also-notify { 10.14.5.111; };
>};
>
>...
>----------------------------------------------------------------------
>
>Any advice would be greatly appreciated.
>
>Regards,
>-Bill
>
>
>
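
Added example, not part of the original thread: because the posted named.conf makes this server master for company.com, named answers names under hq.company.com from db.company itself unless that zone contains NS records delegating hq, and the forward zone is only consulted once such a delegation exists. The sketch below checks constructed zone text for that delegation; the name dc1.hq and the ns1/www addresses are hypothetical, and one record per line with no $ORIGIN or $INCLUDE directives is assumed.

```python
# Added example (not from the thread): does a parent zone delegate a child?
# Assumes one record per line and no $ORIGIN/$INCLUDE directives.

def fqdn(name, origin):
    """Expand a zone-file owner name to an absolute, lowercase name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ns_owners(zone_text, origin):
    """Return every owner name in the zone text that carries an NS record."""
    owners, last = set(), origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                 # blank owner repeats the last one
            last = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # skip optional TTL and class
        if fields and fields[0].upper() == "NS":
            owners.add(last)
    return owners

def delegation_point(zone_text, origin, qname):
    """Return the topmost zone cut covering qname, or None if there is none."""
    origin = origin.lower()
    cuts = ns_owners(zone_text, origin) - {origin}   # apex NS is not a cut
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):         # walk from the apex down
        candidate = ".".join(labels[i:]) + "."
        if candidate.endswith("." + origin) and candidate in cuts:
            return candidate
    return None

# Constructed db.company contents; dc1.hq and the ns1/www addresses are hypothetical.
UNDELEGATED = """\
@    IN SOA ns1.company.com. hostmaster.company.com. ( 1 3600 900 604800 86400 )
     IN NS  ns1.company.com.
ns1  IN A   10.14.5.110
www  IN A   10.14.5.20
"""
# Same zone with hq delegated to one of the forwarders listed in the post.
DELEGATED = UNDELEGATED + "hq      IN NS dc1.hq.company.com.\ndc1.hq  IN A  10.14.6.7\n"
if __name__ == "__main__":
    for label, zone in (("undelegated", UNDELEGATED), ("delegated", DELEGATED)):
        print(label, "->", delegation_point(zone, "company.com.", "pc1.hq.company.com"))
```

A result of None for a name under hq.company.com means the parent zone answers for it authoritatively, which matches the failing lookups described in the post.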



