Delegation (to Active Directory DNS) woes

Mark Andrews Mark_Andrews at isc.org
Tue Oct 11 14:50:58 UTC 2005


> I'm setting up a hybrid DNS in which all ip to name resolving is done in BIND
> on linux, and the specific Active Directory stuff is delegated to our domain 
> controllers. What I'm trying to do is a simple delegation of the microsoft 
> specific subdomains (for example _tcp) to another machine.
> 
> I've got a BIND server (linda) who's auth. for:
> company.be
> site1.company.be
> site2.company.be
> 
> I want to delegate _tcp.company.be to another server (willow) who is in the 
> company.be namespace.
> 
> Here's part of the zone file on linda for the company.be zone:
> 
> $TTL 3D
> @                       IN              SOA             linda.company.be. hostmaster.company.be. (
>                         1126260125      ; 
>                         8H              ;
>                         1H              ;
>                         4W              ;
>                         1D )            ;
> ;
>         NS      linda.company.be.  ;
> 	MX      10 mx.company.be.        ;
> ;
> localhost		A               127.0.0.1
> ;
> willow               A               10.10.1.220
> linda                A               10.10.1.221
> hostmaster     CNAME           linda
> frank                A               10.10.1.24
> _tcp.company.be                  NS              willow.company.be.
> 
> 
> This doesn't work. I've added the following in the named.conf file since that
> was suggested in some earlier posts about delegation:
> 
> zone "company.be" {
>         type master;
>         notify no;
>         file "db.company";
>         forwarders { /* empty */ };
> };
> zone "_tcp.company.be" {
> type forward;
> forwarders { 10.1001.220; };
> };
> 
> 
> But when I do `dig -t ns _tcp.company.be` it doesn't find an answer and the 
> delegation is not working.
> I just can't see why it doesn't. Maybe someone else does?
> 
> Kind regards,
> 
> Joost

	You are testing the complete system with the query above.
	You need to break things down and test each part.

	First thing make sure the server for the delegated zone
	is properly configured. Use
	"dig -t ns _tcp.company.be @10.10.1.220 +norec" to test.

	Next remove the zone declaration for _tcp.company.be
	as it is not needed.

	Then test the delegation information with
	"dig -t ns _tcp.company.be +norec".

	Then test that you can follow the delegation with
	"dig -t ns _tcp.company.be".
	
	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
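
The test sequence from the reply above, as an added example that is not part of the original post: a shell helper that labels each dig reply from its header lines, so every step gets its own pass/fail line. The function names and the label expected at each step are assumptions of this example, and the sample header is constructed.

```shell
#!/bin/sh
# Added example: name the kind of reply dig received, from its header lines.
# Reads dig output on stdin and prints one word.
classify_dig() {
    awk '
    /->>HEADER<<-/ { st = $0; sub(/.*status: /, "", st); sub(/,.*/, "", st) }
    /^;; flags:/ {
        fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl)
        aa = ((" " fl " ") ~ / aa /)
        an = $0; sub(/.*ANSWER: /, "", an); sub(/,.*/, "", an); an += 0
        au = $0; sub(/.*AUTHORITY: /, "", au); sub(/,.*/, "", au); au += 0
    }
    END {
        if (st == "")             print "no-reply"       # timeout, no header seen
        else if (st != "NOERROR") print "error:" st      # SERVFAIL, NXDOMAIN, REFUSED
        else if (aa && an > 0)    print "authoritative"  # this server holds the zone
        else if (an > 0)          print "answer"         # from cache or recursion
        else if (!aa && au > 0)   print "referral"       # NS in AUTHORITY section only
        else                      print "empty"          # e.g. NODATA with an SOA
    }'
}

# Run one step: step <expected-label> <dig arguments...>
step() {
    want=$1; shift
    got=$(dig "$@" 2>/dev/null | classify_dig)
    [ "$got" = "$want" ] && echo "ok   $got: dig $*" || echo "FAIL $got (want $want): dig $*"
}

# The three dig commands from the reply, in order. The expected labels are
# this example's assumption of what a working delegation returns.
check_delegation() {
    step authoritative -t ns _tcp.company.be @10.10.1.220 +norec
    step referral      -t ns _tcp.company.be +norec
    step answer        -t ns _tcp.company.be
}

# Constructed sample: header of a referral reply as dig prints it.
sample_referral() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

sample_referral | classify_dig   # prints: referral
```

Call `check_delegation` on a host with dig installed; the first FAIL line shows which part of the chain to look at.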


