Forward only zones.

Vbvbrj vbvbrj at
Tue Jul 26 08:11:38 UTC 2011

On 26.07.2011 00:48, Kevin Darcy wrote:
> Correct. That's the distinction which is typically made between a DNS 
> *forwarder* (which caches) and a DNS *proxy* (which doesn't). As far 
> as I know, BIND cannot be configured to be a DNS proxy.
But I don't want BIND as a proxy. )
>> Answers from its cache, that may be out of date.
> This is tunable via the TTL values on the relevant RRsets. Consult the 
> manual of your authoritative DNS server software, for details.
TTL or expires must be lowered at microsoft DNS?
>> Also, records not always are update when adding or removing computers 
>> from domain.
> Either a) you're just restating the previous problem (answers might be 
> from cached data) or b) this is a data-consistency or "lag" problem 
> between various components in Microsoft-land -- BIND cannot fix that.
Answers are from cache.

On 26.07.2011 10:22, harish badrinath wrote:
> On Mon, Jul 25, 2011 at 7:53 PM, Vbvbrj<vbvbrj at>  wrote:
>> I just can't for now move active directory's dns database to BIND.
> You could use something much simpler like dnsmasq
> ( Setting it up as a DNS
> forwarder is a breeze, while you migrate DNS data away from microsoft
> DNS to BIND ??
Interesting solution, but this software is not for windows. For now I 
replace software for needed services from Microsoft to opensource on the 
same microsoft server. When I'll move every service (samba, AD, file 
server extended security) I'll move to *unix system.

On 26.07.2011 10:57, Peter Andreev wrote:
> May be you should look at the problem from other point and configure 
> microsoft's dns server to forward queries to BIND? Of course you will 
> need to reconfigure clients to use microsoft's dns only, but in this 
> case microsoft's dns will serve queries to your domain and BIND wil 
> server qeries to other domains. I think it will be better solution. 
For now I just use Microsoft DNS on the same server. Until I will find a 
way for my BIND problem, or learn to use AD with BIND.

More information about the bind-users mailing list