On 18 August 2016 at 01:04, anup albal <anupal...@hotmail.com> wrote: > Does that mean I setup another forwarding zone called microsoft.com or > sharepoint.microsoft.com or both?
Ideally you should setup a completely separate caching/forwarding server and not be using the external DNS box (NS1) for this purpose. On the box you are forwarding the queries to (NS1) you need to enable recursion and specify an ACL for recursion to limit it to only allowing recursion from the internal DNS1 box. On the internal DNS box (DNS1) also make sure recursion is enabled and an ACL in place allowing your client subnets, and configure forward zones for sharepoint.com and microsoft.com zones (and any other zones needed by the sharepoint service) to point at the NS1 box. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users