Forwarding from delegated zone not working

Ben Croswell ben.croswell at gmail.com
Tue Oct 10 15:38:02 UTC 2017 

If the AD environment loads company.com you need to make sure it has NS
delegations. The nameserver will ignore the zone forwarded if it knows the
child doesn't exist.

On Oct 10, 2017 11:22 AM, "seanliam73" <sean.oreilly at landg.com> wrote:

> Hi
>
> I have a subdomain delegated from AD to a bind9 instance I have running
> that
> so that all requests for that subdomain are sent to the bind 9 instance. I
> would then like to set up zone forwarding so that further subdomains can be
> managed by other bind 9 instances.
>
> I know the forwarding is working because I can query the main bind9
> instance
> at receive the expected results. However if I query from the AD server that
> is doing the delegation I get a SERVFAIL error.
>
> Am I trying to do something that is not possible or am I just missing some
> configuration.
>
> *main instance config*
>
> options {
>         directory "/var/named";
>         listen-on port 53 { listen addr; };
>         auth-nxdomain yes;
>         recursion yes;
>         allow-query { ip addresses; };
>         listen-on-v6 { any; };
>         dnssec-enable no;
>         dnssec-validation no;
>         dnssec-lookaside auto;
> };
>
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity debug 3;
>         };
>
>         channel querylog {
>                 file "data/query.log";
>                 severity debug 5;
>         };
>
>         category default { default_debug; };
>         category queries { querylog; };
> };
>
> zone "example.company.com" IN {
>         type forward;
>         forward only;
>         forwarders { ip address; };
> };
>
> zone "development.example.company.com" IN {
>         type forward;
>         forward only;
>         forwarders { ip address; };
> };
>
>
>
> --
> Sent from: http://bind-users-forum.2342410.n4.nabble.com/
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20171010/27c983e1/attachment.html>

More information about the bind-users mailing list