Hello,

we're using BIND 9.9 as authoritative DNS servers for some locally managed zones and some Windows 2008 R2 Active Directory DNS zones (hidden primary). Now we would like to enable DNSSEC (inline signing by BIND) for the Windows zones. Unfortunately we came across a small problem with this setup:

Assuming the following basic setup:

  example.com (managed by BIND)
  win.example.com (Windows domain zone, transferred from Windows DNS server)
  _msdcs.win.example.com (special purpose Windows domain zone, transferred from Windows DNS server)

Enabling DNSSEC for example.com and win.example.com is simple. But for _msdcs.win.example.com we've a problem: DS records have to be inserted into the win.example.com domain. The Windows 2008 R2 DNS server doesn't allow us to create DS records for Active Directory Integrated Zones.

Essentially we're looking for a way to inject DS records into a slave zone (transferred from another DNS server). We tried adding the DS records for _msdcs.win.example.com to the example.com zone file but they are ignored by BIND.

Is there any other way to make this setup work with BIND?

Best Regards,
Thomas