Forwarding problem; Forward Last?

Thu Feb 7 16:02:14 UTC 2008

I was pretty sure I tested that, but I double checked anyway.
It doesn't work; Or at least, it forces me to define the zone as a slave 
(or forward only) zone in named.conf, wich is not the solution I 
envisioned.
I just want to define a NS record and the corresponding A record for 
delegation, wich works well as long as I can't forward to my main 
forwarders.

bind-users-bounce at isc.org wrote on 07/02/2008 14:09:38:

> 
> > Hi,
> > (needless to say I have been looking for the answer for days before 
> > posting here).
> > 
> > I am in the process of replacing Novell Netware's repackaged Bind by a 

> > standard Linux Bind build.
> > My setup is quite simple :
> > 
> > Bind is authoritative for sub.company.com. It uses 2 company.com 
> > forwarders (which doesn't know anything about our zone and/or network 
> > apart from a couple A records it holds for external sub.company.com 
> > access. That's stupid but that's how they do.)
> > There is an active directory, which is named -you guessed it allready- 

> > ad.sub.company.com. Bind is not a slave for that zone, it just holds a 
NS 
> > and it's glue record, as follow
> > ad      NS      ns.ad.sub.company.com.
> > ns.ad.sub.company.com.  A       192.168.0.1
> > 
> > My problem is the following: when my forwarders are down or undefined 
and 
> > I query Bind for a record in ad.company.com, it asks 
ns.ad.sub.company.com 
> > and answer with the right answer. (read : if the forwarders are 
defined 
> > but not reachable for some reasons, like FW blocking access, the 
cascading 
> > works).
> > However when Bind can reach the forwarders, it just asks them for 
records 
> > in ad domain; they answer with a no such domain and resolution stops 
> > there.
> > 
> > Reading Bind's documentation (and O'reilly's book, 5th edition) I am 
not 
> > missing anything obvious about delegation. It might have to do with my 

> > forwarder being unaware of my setup but I don't see quite how (and I 
can't 
> > do anything about it).
> > I have not tried to make bind a slave for the AD zone. I would like 
the 
> > above setup to work before trying other setups.
> > 
> > Any help would be apreciated,
> 
>    turn forwarding off for the sub zone.
> 
>    zone sub.company.com {
>       ....
>       forwarders { /* empty */ };
>    };
> > 
> > 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> 
> 