Forwarding problem; Forward Last?

Mark Andrews Mark_Andrews at isc.org
Thu Feb 7 22:03:01 UTC 2008


> I was pretty sure I tested that, but I double checked anyway.
> It doesn't work; or at least, it forces me to define the zone as a slave 
> (or forward only) zone in named.conf, which is not the solution I 
> envisioned.
> I just want to define a NS record and the corresponding A record for 
> delegation, which works well as long as I can't forward to my main 
> forwarders.

	It does work.  You are just not applying it correctly.
	Please look at the example below and apply it to the
	corresponding zone in your hierarchy.

	This is a perfect example of why one should not hide zone
	names etc. when asking for help.  It makes it hard to
	do the examples when one is using made up names.

	Mark

> bind-users-bounce at isc.org wrote on 07/02/2008 14:09:38:
> 
> > 
> > > Hi,
> > > (needless to say I have been looking for the answer for days before 
> > > posting here).
> > > 
> > > I am in the process of replacing Novell Netware's repackaged Bind by a
> > > standard Linux Bind build.
> > > My setup is quite simple:
> > > 
> > > Bind is authoritative for sub.company.com. It uses 2 company.com
> > > forwarders (which don't know anything about our zone and/or network
> > > apart from a couple A records they hold for external sub.company.com
> > > access. That's stupid but that's how they do.)
> > > There is an active directory, which is named -you guessed it already-
> > > ad.sub.company.com. Bind is not a slave for that zone, it just holds a NS
> > > and its glue record, as follows:
> > > ad      NS      ns.ad.sub.company.com.
> > > ns.ad.sub.company.com.  A       192.168.0.1
> > > 
> > > My problem is the following: when my forwarders are down or undefined and
> > > I query Bind for a record in ad.company.com, it asks ns.ad.sub.company.com
> > > and answers with the right answer. (read: if the forwarders are defined
> > > but not reachable for some reasons, like FW blocking access, the cascading
> > > works).
> > > However when Bind can reach the forwarders, it just asks them for records
> > > in ad domain; they answer with a no such domain and resolution stops
> > > there.
> > > 
> > > Reading Bind's documentation (and O'Reilly's book, 5th edition) I am not
> > > missing anything obvious about delegation. It might have to do with my
> > > forwarder being unaware of my setup but I don't see quite how (and I can't
> > > do anything about it).
> > > I have not tried to make bind a slave for the AD zone. I would like the
> > > above setup to work before trying other setups.
> > > 
> > > Any help would be appreciated,
> > 
> >    turn forwarding off for the sub zone.
> > 
> >    zone sub.company.com {
> >       ....
> >       forwarders { /* empty */ };
> >    };
> > > 
> > > 
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> > 
> > 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
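
The fix described in this thread, written out as a complete named.conf fragment. This is an added example, not part of the original messages: the forwarder addresses (192.0.2.x), the zone file name and the `type master` layout are assumptions, while the zone names and the 192.168.0.1 glue address come from the post.

```conf
// named.conf (constructed example; forwarder addresses and file name are placeholders)
options {
    // Global forwarders: used for every query not overridden below.
    forwarders { 192.0.2.1; 192.0.2.2; };
};

zone "sub.company.com" {
    type master;
    file "db.sub.company.com";   // hypothetical file name

    // An empty list turns forwarding off for names at or below this zone,
    // so the NS delegation for ad.sub.company.com is followed instead of
    // the query being sent to the global forwarders.
    forwarders { };
};

// In db.sub.company.com the delegation from the post stays as it is:
//   ad                      NS  ns.ad.sub.company.com.
//   ns.ad.sub.company.com.  A   192.168.0.1
```

After `rndc reconfig`, a query for a name under ad.sub.company.com should be answered via ns.ad.sub.company.com even while the global forwarders are reachable.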


