Forwarding from delegated zone not working

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Tue Oct 10 15:43:31 UTC 2017


But surely you’d get an NXDOMAIN in that case, not a SERVFAIL.

The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter.


- Kevin


From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Ben Croswell
Sent: Tuesday, October 10, 2017 11:38 AM
To: seanliam73 <sean.oreilly at landg.com>
Cc: bind-users at lists.isc.org
Subject: Re: Forwarding from delegated zone not working

If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist.

On Oct 10, 2017 11:22 AM, "seanliam73" <sean.oreilly at landg.com> wrote:
Hi

I have a subdomain delegated from AD to a bind9 instance I have running
so that all requests for that subdomain are sent to the bind 9 instance. I
would then like to set up zone forwarding so that further subdomains can be
managed by other bind 9 instances.

I know the forwarding is working because I can query the main bind9 instance
and receive the expected results. However, if I query from the AD server that
is doing the delegation I get a SERVFAIL error.

Am I trying to do something that is not possible or am I just missing some
configuration?

*main instance config*

options {
        directory "/var/named";
        listen-on port 53 { listen addr; };
        auth-nxdomain yes;
        recursion yes;
        allow-query { ip addresses; };
        listen-on-v6 { any; };
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity debug 3;
        };

        channel querylog {
                file "data/query.log";
                severity debug 5;
        };

        category default { default_debug; };
        category queries { querylog; };
};

zone "example.company.com" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};

zone "development.example.company.com" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};



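A delegation only resolves when the server named in the parent's NS records answers non-recursive queries for the zone authoritatively, which a forward-only instance does not do. The Python check below is an added example, not part of the original thread: it builds an RD=0 SOA query for the zone apex and inspects the reply header for the AA bit and RCODE. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, qid=0x1a2b):
    """Build an SOA query with RD=0, the kind of iterative query a
    delegating parent sends to the servers named in its NS records."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # flags 0: RD clear
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def check_delegation_target(query, response):
    """Return (ok, reason); ok only for an authoritative NOERROR reply.
    Only the 12-byte header is inspected, not the answer records."""
    if len(response) < 12:
        return False, "short reply"
    qid, flags = struct.unpack("!HH", response[:4])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return False, "not a reply to this query"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    if rcode != "NOERROR":
        return False, "lame: " + rcode
    if not flags & 0x0400:  # AA bit clear: cached/forwarded data or a referral
        return False, "lame: not authoritative (AA clear)"
    return True, "authoritative"

def probe(server_ip, zone, timeout=3.0):
    """Live check over UDP port 53; not exercised by the constructed samples."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        return check_delegation_target(query, s.recv(4096))

def sample_reply(query, flags):
    """Constructed reply: the query's ID and question with new header flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_soa_query("example.company.com")
    for label, flags in [("authoritative", 0x8400), ("AA clear", 0x8080),
                         ("SERVFAIL", 0x8002)]:
        print(label, check_delegation_target(q, sample_reply(q, flags)))
```

Calling `probe()` with the address in the parent's NS/glue records and the delegated zone name runs the same check against a live server.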