Multiple AD domains

Jeff Sadowski jeff.sadowski at gmail.com
Wed Jul 27 19:20:08 UTC 2016


I'm going to try slaves like so.

If I set up slave zones like so on 192.168.1.1:

zone "domainA" IN { type slave; masters { 192.168.2.1; }; file "db.domainA"; };
zone "domainB" IN { type slave; masters { 192.168.3.1; }; file "db.domainB"; };

and on 192.168.2.1 and 192.168.3.1, in options:

notify yes;
also-notify { 192.168.1.252; };
allow-transfer { 192.168.1.252; };


On Wed, Jul 27, 2016 at 1:11 PM, <wbrown at e1b.org> wrote:

> > From: Jeff Sadowski <jeff.sadowski at gmail.com>
>
> > On the samba mailing list they described setting up the DC as the NS
> > and forward to another machine for more rules.
> > This will work fine for one domain. Now let's say I have 2 domains.
> >
> > If I set up forwarders like so on 192.168.1.1:
> >
> > zone "domainA" IN { type forward; forward only; forwarders { 192.168.2.1; }; };
> > zone "domainB" IN { type forward; forward only; forwarders { 192.168.3.1; }; };
> >
> > It will cache entries for each domain, and if a computer gets a
> > different address from DHCP it will update on the domain's DNS, but
> > the DNS on 192.168.1.1 will have a cached entry until it expires.
> >
> > 192.168.2.1 and 192.168.3.1 are set up to forward all zones other
> > than their domain names to 192.168.1.1.
>
> Your Domain Controllers should be the DNS servers for any computer in that
> domain.  Forward any other queries to a recursive server (192.169.1.1?)
> which may or may not be authoritative for other domains.
>
> > If I have the DNS server set for all machines in domainA to 192.168.2.1,
> > all machines on domainA see any DNS changes to domainA immediately;
> > machines on domainB are cached and can take time to clear out.
> > And
> > if I have the DNS server set for all machines in domainB to 192.168.3.1,
> > all machines on domainB see any DNS changes to domainB immediately;
> > machines on domainA are cached and can take time to clear out.
>
>  Yep, that's how it works.
>
> > What is the best way to resolve this issue?
>
> Short TTLs in your domain controller DNS.
>
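Editor's added example, not configuration posted by either participant: a named.conf layout for the slave-zone design discussed in this thread, with the zone transfer tied to a TSIG key instead of a source address alone. The DC addresses follow the thread; the secondary is taken to be 192.168.1.1 throughout (the post gives both 192.168.1.1 and 192.168.1.252 for it); the key name "xfer-key", its secret and the zone file names are assumptions.

```conf
// Added example, not configuration from the original post. Addresses follow the
// thread; "xfer-key", its secret and the file names are assumptions.

// ---------- key shared by the DCs and the secondary ----------
// Generate a real one with: tsig-keygen xfer-key
// The secret below is a constructed placeholder, not a usable key.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "dGhpcyBpcyBub3QgYSByZWFsIGtleSwgcmVwbGFjZSBpdA==";
};

// ---------- on each DC (192.168.2.1 for domainA, 192.168.3.1 for domainB) ----------
options {
    // existing options stay as they are; only the three below are added
    notify yes;
    // NOTIFY the secondary as soon as a dynamic update lands, so it
    // re-transfers instead of waiting for the SOA refresh interval.
    also-notify { 192.168.1.1; };
    // Hand out the zone only to requests signed with the key. An address-only
    // ACL lets anything that can spoof or hold that address pull the whole AD
    // zone, which enumerates every host and service record in the domain.
    allow-transfer { key "xfer-key"; };
};

// ---------- on the recursive resolver / secondary (192.168.1.1) ----------
// Sign every SOA query, AXFR and IXFR sent to the DCs with the same key.
server 192.168.2.1 { keys { "xfer-key"; }; };
server 192.168.3.1 { keys { "xfer-key"; }; };

// The secondary answers for these zones from its own copy, so a changed record
// is replaced by the next transfer rather than lingering in the cache.
zone "domainA" IN {
    type slave;                    // newer BIND releases also accept "secondary"
    masters { 192.168.2.1; };      // and "primaries"
    file "db.domainA";
};
zone "domainB" IN {
    type slave;
    masters { 192.168.3.1; };
    file "db.domainB";
};
```

Run named-checkconf on both sides before reloading. After a record changes on a DC, `dig @192.168.1.1 host.domainA +norecurse` should return the same answer as `dig @192.168.2.1 host.domainA`; if a NOTIFY was missed, `rndc retransfer domainA` on the secondary forces a fresh copy. With the `forward only` zones from earlier in the thread the resolver would instead keep its cached answer until the TTL expired, which is exactly the delay the thread is trying to get rid of.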