In message <514911cf.5060...@verizon.net>, Gerry Reno writes:
> On 03/19/2013 09:26 PM, b...@bitrate.net wrote:
> > On Mar 19, 2013, at 20.30, Gerry Reno <gr...@verizon.net> wrote:
> >
> >> On 03/19/2013 08:10 PM, b...@bitrate.net wrote:
> >>> On Mar 18, 2013, at 23.04, Gerry Reno <gr...@verizon.net> wrote:
> >>>
> >>>> On 03/18/2013 10:25 PM, b...@bitrate.net wrote:
> >>>>> On Mar 18, 2013, at 20.27, Gerry Reno <gr...@verizon.net> wrote:
> >>>>>
> >>>>>> Using BIND 9.8.2
> >>>>>>
> >>>>>> When you set up Samba 4 AD DC using BIND9_DLZ and your domain has external servers (e.g.: www, mail) at external providers
> >>>>>> this means that the ISP and the internal network nameservers will both have SOA record for the domain.
> >>>>> it's not really anything particularly related to samba or dlz.  it's just two different computers serving the same zone.  you're just "hijacking" or overloading that particular label.  in addition to declaring the zone in your config, you'll need to delegate that new zone from the parent.
> >>>>>
> >>>>> it's worth noting that this scales poorly.  having to add delegations and zone declarations for every label for which this is desired becomes quickly prohibitive.  instead, i'd suggest using a subdomain for samba - e.g. something like ad.example.com.  there are a number of other solutions as well which would likely be more sensible than hijacking labels.
> >>>>>
> >>>>> -ben
> >>>>>
> >>>> If it was more than just a few labels I would do it another way.
> >>>>
> >>>> But this will suffice, if I can only get bind to actually get the forward zone working.
> >>>>
> >>>> I don't need any delegation.  I'm not looking to slave the zone.
> >>> as i said, you'll need to delegate that new zone from the parent.  i'm not sure what slave zones would have to do with that.
> >>>
> >>> -ben
> >>>
> >> As I said, if I was going to do this for a bunch of labels I would add an external view and just slave it from the ISP
> >> which holds the SOA for the external answers.
> > i don't know what the point of that would be.  you'd still have to overload your other zone.
> >
> > all i can do at this point is suggest you simply try what has been suggested [by multiple people].
> >
> > -ben
> >
>
> It's called Split-DNS.
>
> And delegation was implemented yesterday.
>
> Still no answer about what is the use case for this forward zone.  And why many people have posted that they have not
> been able to get it to work for years.

Forward zones affect where recursive queries are sent.  They have 2 purposes:

1. work around firewalls blocking direct access to the authoritative servers (forward only).
2. allow access to central caches (forward first).

They do not and never have instantiated delegations.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
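
An added example, not part of the thread and not ISC's own configuration: the two forward-zone modes named in the reply above, next to what a delegation actually consists of. The zone names other than ad.example.com, the host name dc1, and all 192.0.2.x addresses are assumptions chosen for illustration.

```conf
// named.conf fragment on a recursive resolver (constructed example).
// All names and addresses below are placeholders, not values from the thread.

options {
    recursion yes;                      // forward zones only affect recursive queries
    allow-recursion { 192.0.2.0/24; };  // limit recursion to internal clients
};

// Purpose 1: the authoritative servers cannot be reached directly
// (for example, a firewall blocks outbound DNS). "forward only" sends
// every query under this name to the forwarder and never falls back
// to iterative resolution; if the forwarder does not answer, the
// lookup fails.
zone "partner.example.net" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};

// Purpose 2: use a central cache when available. "forward first"
// tries the forwarders, then falls back to normal iterative
// resolution if they do not answer.
zone "example.org" {
    type forward;
    forward first;
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// Neither block above creates a delegation. A delegation is zone data:
// NS records (plus glue where needed) in the parent zone, served by the
// parent's authoritative servers. For the ad.example.com subdomain
// suggested in the thread, the example.com zone file would carry
// records such as:
//
//   ad.example.com.      IN NS  dc1.ad.example.com.
//   dc1.ad.example.com.  IN A   192.0.2.10   ; glue
```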