Reverse resolution ambiguities

Lars Hanke debian at
Thu Sep 25 09:39:37 UTC 2014

I have a Bind9 infrastructure serving an internal network at .mytld. 
Since it may happen that .mytld becomes an official TLD in the future, I 
decided to migrate to, i.e. currently all 
machines are available with the same IP in both domains.

Now we decided to move our authentication to a samba4 based AD. This 
means that the AD runs yet another domain, which 
introduces a third name for those systems, which joined the domain. But 
not all systems are expected to join. The master Bind currently 
replicates the zone of the AD.

However, to make Kerberos work, reverse lookup must yield for any machine that joined the domain and it 
should yield otherwise.

Of course I could put together a couple of scripts to tinker an 
appropriate zone file for the reverse lookup or to update the master 
Bind accordingly. My question is: is there a way to configure bind to 
achieve this?

Thanks for your help,
  - lars

More information about the bind-users mailing list