It doesn't work to delegate to a forwarder; you have to delegate to something 
that's authoritative for the zone (master or slave). Delegated nameservers are 
expected to have a full copy of the zone, either as the source (master) or 
through replication (slave).

Now, if you have restrictions/limitations that prevent you both from a) 
delegating directly from AD to the authoritative nameservers, and b) 
replicating from the authoritative nameservers to the BIND instance in 
question, then you'd need to look into some sort of "DNS proxy", but that's not 
BIND, and really beyond the scope of this list.

- Kevin

-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
seanliam73
Sent: Tuesday, October 10, 2017 11:22 AM
To: bind-users@lists.isc.org
Subject: Forwarding from delegated zone not working

Hi

I have a subdomain delegated from AD to a bind9 instance I have running so 
that all requests for that subdomain are sent to the bind 9 instance. I would 
then like to set up zone forwarding so that further subdomains can be managed 
by other bind 9 instances.

I know the forwarding is working because I can query the main bind9 instance and 
receive the expected results. However, if I query from the AD server that is 
doing the delegation I get a SERVFAIL error.

Am I trying to do something that is not possible, or am I just missing some 
configuration?

*main instance config* 

options {
        directory "/var/named";
        listen-on port 53 { listen addr; };
        auth-nxdomain yes;
        recursion yes;
        allow-query { ip addresses; };
        listen-on-v6 { any; };
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity debug 3;
        };

        channel querylog {
                file "data/query.log";
                severity debug 5;
        };

        category default { default_debug; };
        category queries { querylog; };
};

zone "example.company.com" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};

zone "development.example.company.com" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};



--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
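
Added example, not part of the original thread and not the poster's or ISC's configuration: one way to apply the advice in the reply, by replacing the forward zone with a slave zone so the delegated instance holds the zone data. The 192.0.2.x addresses, the file path and the ns1 host names are placeholder assumptions; only the zone names come from the post, and only the statements that change are shown.

```conf
// Before (from the post): a forward zone holds no zone data, so this
// instance is not authoritative for the name AD delegates to it.
//
// zone "example.company.com" IN {
//         type forward;
//         forward only;
//         forwarders { ip address; };
// };

// After: replicate the zone so this instance has a full copy (slave).
zone "example.company.com" IN {
        type slave;
        masters { 192.0.2.53; };        // placeholder: the authoritative master
        file "slaves/example.company.com.zone";   // placeholder path
};

// The forward zone for development.example.company.com is dropped as well.
// Further subdomains are handed off with NS records inside the zone data
// maintained on the master, for example (placeholder names and address):
//
//   development      IN NS  ns1.development.example.company.com.
//   ns1.development  IN A   192.0.2.20   ; glue record
//
// The servers named in those NS records must themselves be master or
// slave for development.example.company.com, and whichever server follows
// the referral (here the AD server) must be able to reach them. The
// master must also permit zone transfers to this instance.
```

To confirm the result, send the instance a non-recursive SOA query for example.company.com (for instance with `dig +norecurse`) and check that the answer carries the `aa` flag.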