Recursive queries through authoritative server

Barry Margolin barmar at alum.mit.edu
Tue Aug 5 02:57:10 UTC 2008


In article <g7795f$1tb6$1 at sf1.isc.org>,
 John Oliver <joliver at john-oliver.net> wrote:

> I'm dealing with an environment where domain.com is, of course,
> delegated in the root servers, but there is also a set of Windows AD
> servers that are authoritative for domain.com.  I wanted to manage DNS
> for my labs, so, in the AD servers, I delegated sub.domain.com to a
> couple of CentOS servers running bind.  Now, "the powers that be" want
> all of my lab machines to use my DNS servers rather than the AD servers.
> The problem with this is, all queries for domain.com are now handled via
> the root servers to the servers handling the "real" domain.com, which is
> completely different from the zone served by the AD servers.  On top of
> that, reverse DNS no longer works.
> 
> I could add zones for domain.com and all in-addr.arpa zones consisting of
> NS records, but that doesn't feel right.  Also, it wouldn't help the
> next time someone adds an IP range that's being handled by AD.
> 
> Is there a way to tell my bind servers to forward all queries they don't
> have an answer for up to the AD servers?  Could it be as simple as
> configuring them to use the AD servers as root servers?  Would that keep
> Internet name resolution working properly?

Configure 

options {
  forwarders { <addresses of AD servers>; };
  ...
};

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
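
The forwarding setup from the reply above, placed in the context of a lab server's named.conf, as an added example that is not part of the original post. The addresses, the ACL name and the zone file name are placeholders, and it assumes the AD servers perform recursion for Internet names on behalf of the lab servers.

```conf
// Added example, not from the original thread.
// All addresses are placeholders from the documentation ranges.

// Lab clients allowed to use this server as a resolver (hypothetical ACL name).
acl "lab-nets" {
    192.0.2.0/24;
    localhost;
};

options {
    directory "/var/named";

    recursion yes;
    // Only lab machines may recurse through this server. Authoritative
    // answers for sub.domain.com stay open so the AD servers can follow
    // the delegation.
    allow-recursion { lab-nets; };

    // Anything this server is not authoritative for goes to the AD servers:
    // domain.com, the in-addr.arpa zones they hold, and Internet names.
    forwarders { 198.51.100.10; 198.51.100.11; };

    // Never fall back to iterating from the root servers. With the default
    // "forward first", an unreachable forwarder would send domain.com
    // queries to the Internet-facing domain.com servers, which serve a
    // different zone from the AD one.
    forward only;
};

// The delegated lab zone is answered from local data; forwarders do not
// apply to zones this server is authoritative for.
zone "sub.domain.com" {
    type master;
    file "sub.domain.com.zone";   // hypothetical file name
    allow-transfer { none; };     // add the second lab server's address here
};
```

With `forward only`, the lab servers depend on the AD servers for everything outside sub.domain.com, so an AD outage also stops Internet name resolution for the lab.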

