I guess i made the assumption that zone was properly forwarded at the MS end.
However as you mentioned if it was only delegated then it would SERVFAIL at the BIND server when receiving an iterative query from MS if BIND isn't authoritative. On Oct 10, 2017 11:44 AM, "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote: But surely you’d get an NXDOMAIN in that case, not a SERVFAIL. The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter. - Kevin *From:* bind-users [mailto:bind-users-boun...@lists.isc.org] *On Behalf Of *Ben Croswell *Sent:* Tuesday, October 10, 2017 11:38 AM *To:* seanliam73 <sean.orei...@landg.com> *Cc:* bind-users@lists.isc.org *Subject:* Re: Forwarding from delegated zone not working If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist. On Oct 10, 2017 11:22 AM, "seanliam73" <sean.orei...@landg.com> wrote: Hi I have a subdomain delegated from AD to a bind9 instance I have running that so that all requests for that subdomain are sent to the bind 9 instance. I would then like to set up zone forwarding so that further subdomains can be managed by other bind 9 instances. I know the forwarding is working because I can query the main bind9 instance at receive the expected results. However if I query from the AD server that is doing the delegation I get a SERVFAIL error. Am I trying to do something that is not possible or am I just missing some configuration. *main instance config* options { directory "/var/named"; listen-on port 53 { listen addr; }; auth-nxdomain yes; recursion yes; allow-query { ip addresses; }; listen-on-v6 { any; }; dnssec-enable no; dnssec-validation no; dnssec-lookaside auto; }; logging { channel default_debug { file "data/named.run"; severity debug 3; }; channel querylog { file "data/query.log"; severity debug 5; }; category default { default_debug; }; category queries { querylog; }; }; zone "example.company.com" IN { type forward; forward only; forwarders { ip address; }; }; zone "development.example.company.com" IN { type forward; forward only; forwarders { ip address; }; }; -- Sent from: http://bind-users-forum.2342410.n4.nabble.com/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
