> Because the AD domain controllers already own 10.in-addr.arpa, they
> refuse to allow us to configure conditional forwarding for its
> subdomains. So we delegated the subdomains to the inbound endpoints.
> Because they are delegations, the domain controllers set the recursion
> desired flag to 0 on the queries they send to the endpoints, and we are
> not getting replies from the endpoints.

Yuck, what a horrible problem. I don't know of any easy solutions, but I can think of two difficult ones:

* Reconfigure everything to use BIND for recursive DNS instead of AD.

* Try using dnsdist - except that as far as I can tell from its documentation it can force RD=0 but not RD=1, so you'll need to patch it to get the functionality you need.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Tyne, Dogger: South 5 or 6, veering west or southwest 3 or 4. Moderate occasionally rough at first, becoming slight. Rain at first. Good, occasionally poor at first.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
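
What forcing RD=1 involves at the packet level, as an added example that is not part of the original message and is not dnsdist or BIND code: a sketch of a UDP relay that sets the recursion desired bit on queries before passing them to an endpoint. All function names are hypothetical, the sample query is constructed, and the relay assumes plain UDP with messages of at most 4096 bytes.

```python
import socket
import struct

RD_BIT = 0x0100  # "recursion desired" in the header flags word (RFC 1035, section 4.1.1)
QR_BIT = 0x8000  # set on responses, clear on queries


def build_query(qname, qtype, rd, txid=0x1234):
    """Build a minimal one-question, class IN query (used for the constructed sample)."""
    header = struct.pack("!HHHHHH", txid, RD_BIT if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def recursion_desired(msg):
    """Return True if the RD flag is set in a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack_from("!H", msg, 2)[0] & RD_BIT)


def force_rd(msg):
    """Return the message with RD=1 if it is a query; responses pass through unchanged."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack_from("!H", msg, 2)[0]
    if flags & QR_BIT:
        return msg
    return msg[:2] + struct.pack("!H", flags | RD_BIT) + msg[4:]


def relay_once(listener, upstream, timeout=2.0):
    """Receive one UDP query on `listener`, forward it with RD=1, relay the answer back."""
    query, client = listener.recvfrom(4096)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as out:
        out.settimeout(timeout)
        out.sendto(force_rd(query), upstream)
        reply, _ = out.recvfrom(4096)
    if reply[:2] != query[:2]:  # transaction ID must match the query we forwarded
        raise ValueError("reply does not match the forwarded query")
    listener.sendto(reply, client)
    return reply


# Constructed sample: a PTR (type 12) query as a delegating server would send it, RD=0.
SAMPLE = build_query("4.3.2.10.in-addr.arpa", 12, rd=False)
```
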