Forwarding problem; Forward Last?
Mark Andrews
Mark_Andrews at isc.org
Thu Feb 7 13:09:38 UTC 2008
> Hi,
> (needless to say I have been looking for the answer for days before
> posting here).
>
> I am in the process of replacing Novell Netware's repackaged Bind by a
> standard Linux Bind build.
> My setup is quite simple :
>
> Bind is authoritative for sub.company.com. It uses 2 company.com
> forwarders (which doesn't know anything about our zone and/or network
> apart from a couple A records it holds for external sub.company.com
> access. That's stupid but that's how they do.)
> There is an active directory, which is named -you guessed it allready-
> ad.sub.company.com. Bind is not a slave for that zone, it just holds a NS
> and it's glue record, as follow
> ad NS ns.ad.sub.company.com.
> ns.ad.sub.company.com. A 192.168.0.1
>
> My problem is the following: when my forwarders are down or undefined and
> I query Bind for a record in ad.company.com, it asks ns.ad.sub.company.com
> and answer with the right answer. (read : if the forwarders are defined
> but not reachable for some reasons, like FW blocking access, the cascading
> works).
> However when Bind can reach the forwarders, it just asks them for records
> in ad domain; they answer with a no such domain and resolution stops
> there.
>
> Reading Bind's documentation (and O'reilly's book, 5th edition) I am not
> missing anything obvious about delegation. It might have to do with my
> forwarder being unaware of my setup but I don't see quite how (and I can't
> do anything about it).
> I have not tried to make bind a slave for the AD zone. I would like the
> above setup to work before trying other setups.
>
> Any help would be apreciated,
turn forwarding off for the sub zone.
zone sub.company.com {
....
forwarders { /* empty */ };
};
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list