Multiple AD domains

Jeff Sadowski jeff.sadowski at gmail.com
Wed Jul 27 19:23:13 UTC 2016


I'm going to try slaves like so

If I setup slave zones like so on 192.168.1.1

zone "domainA" IN { type slave; masters { 192.168.2.1; }; file "db.domainA"; };
zone "domainB" IN { type slave; masters { 192.168.3.1; }; file "db.domainB"; };

and in 192.168.2.1 and 192.168.3.1
in options

notify yes;
also-notify { 192.168.1.1; };
allow-transfer { 192.168.1.1; };

On Wed, Jul 27, 2016 at 1:20 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:

> I'm going to try slaves like so
>
> If I setup slave zones like so on 192.168.1.1
>
> zone "domainA" IN { type slave; masters { 192.168.2.1; }; file "db.domainA"; };
> zone "domainB" IN { type slave; masters { 192.168.3.1; }; file "db.domainB"; };
>
> and in 192.168.2.1 and 192.168.3.1
> in options
>
> notify yes;
> also-notify { 192.168.1.252; };
> allow-transfer { 192.168.1.252; };
>
>
> On Wed, Jul 27, 2016 at 1:11 PM, <wbrown at e1b.org> wrote:
>
>> > From: Jeff Sadowski <jeff.sadowski at gmail.com>
>>
>> > On the samba mailing list they described setting up the DC as the NS
>> > and forward to another machine for more rules.
>> > This will work fine for one domain. Now let's say I have 2 domains.
>> >
>> > If I setup forwarders like so on 192.168.1.1
>> >
>> > zone "domainA" IN { type forward; forward only; forwarders { 192.168.2.1; }; };
>> > zone "domainB" IN { type forward; forward only; forwarders { 192.168.3.1; }; };
>> >
>> > It will cache entries for each domain and if a computer gets a
>> > different address for dhcp it will update on the domain's DNS but
>> > the dns on 192.168.1.1 will have a cached entry until it expires.
>> >
>> > 192.168.2.1 and 192.168.3.1 are setup to forward all other zones
>> > than their domain names to 192.168.1.1
>>
>> Your Domain Controllers should be the DNS servers for any computer in
>> that domain.  Forward any other queries to a recursive server
>> (192.169.1.1?) which may or may not be authoritative for other domains.
>>
>> > if I have DNS server set for all machines in domainA to 192.168.2.1
>> > all machines on domainA see any DNS changes to domainA immediately
>> > machines on domainB are cached and can take time to clear out.
>> > And
>> > if I have DNS server set for all machines in domainB to 192.168.3.1
>> > all machines on domainB see any DNS changes to domainB immediately
>> > machines on domainA are cached and can take time to clear out.
>>
>>  Yep, that's how it works.
>>
>> > What is the best way to resolve this issue?
>>
>> Short TTLs in your domain controller DNS.
>>
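A complete named.conf excerpt for the slave-zone arrangement proposed above, added here as a worked example; it is not taken from the thread, from Samba, or from the BIND documentation. It keeps the thread's addresses (hub 192.168.1.1, DCs 192.168.2.1 and 192.168.3.1) and zone names, and adds three things the thread does not have, all of which are assumptions of this example: a TSIG key named xfer-key (placeholder secret) so that allow-transfer matches on the key rather than on a source address alone, server statements so transfers and NOTIFY messages are signed with it, and allow-notify on the hub's slave zones so only the owning DC can trigger a refresh. The DC side keeps notify, also-notify and allow-transfer at options level as in the thread, which is where they belong when the AD zones are provided by a backend module rather than by zone statements.

```conf
// --- Hub resolver, 192.168.1.1 (example config, not from the thread) ---
options {
    directory "/var/cache/bind";          // assumption: Debian-style working directory
    recursion yes;
    allow-recursion { 192.168.0.0/16; };  // assumption: only the local subnets may recurse
    allow-transfer { none; };             // the hub's copies are not a transfer source
};

// Assumption: one TSIG key shared with both DCs; generate the secret with tsig-keygen
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};
server 192.168.2.1 { keys { "xfer-key"; }; };  // sign AXFR/IXFR requests to the domainA DC
server 192.168.3.1 { keys { "xfer-key"; }; };  // same for the domainB DC

zone "domainA" IN {
    type slave;
    masters { 192.168.2.1; };
    file "db.domainA";
    allow-notify { 192.168.2.1; };        // only the owning DC may trigger a refresh
};
zone "domainB" IN {
    type slave;
    masters { 192.168.3.1; };
    file "db.domainB";
    allow-notify { 192.168.3.1; };
};

// --- Domain controller for domainA, 192.168.2.1 (domainB's DC is identical apart from its address) ---
options {
    recursion yes;
    notify yes;
    also-notify { 192.168.1.1; };         // push a NOTIFY to the hub as soon as the serial changes
    allow-transfer { key "xfer-key"; };   // keyed rather than address-only
    forwarders { 192.168.1.1; };          // anything this DC is not authoritative for goes to the hub
    forward only;
};
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";  // must match the hub's copy
};
server 192.168.1.1 { keys { "xfer-key"; }; };  // signs the NOTIFY messages sent to the hub
```

Check each file with named-checkconf before reloading. After a dynamic update on the domainA DC, `dig @192.168.1.1 domainA SOA +short` and `dig @192.168.2.1 domainA SOA +short` should report the same serial within seconds, which is the difference from the forward-only setup: the hub now holds an authoritative copy that is refreshed on NOTIFY instead of a cached answer that lingers until its TTL expires. Members of each domain should still point at their own DC, as the reply in the thread says; the hub only serves the cross-domain lookups.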