Reverse resolution ambiguities

Lars Hanke debian at lhanke.de
Thu Sep 25 09:39:37 UTC 2014


I have a Bind9 infrastructure serving an internal network at .mytld. 
Since it may happen that .mytld becomes an official TLD in the future, I 
decided to migrate to .internal.my.official.tld, i.e. currently all 
machines are available with the same IP in both domains.

Now we decided to move our authentication to a samba4 based AD. This 
means that the AD runs yet another domain .ad.my.official.tld, which 
introduces a third name for those systems that joined the domain. But 
not all systems are expected to join. The master Bind currently 
replicates the .ad.my.official.tld zone of the AD.

However, to make Kerberos work, reverse lookup must yield 
client.ad.my.official.tld for any machine that joined the domain and it 
should yield client.internal.my.official.tld otherwise.

Of course I could put together a couple of scripts to tinker an 
appropriate zone file for the reverse lookup or to update the master 
Bind accordingly. My question is: is there a way to configure bind to 
achieve this?

Thanks for your help,
  - lars
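
The scripted fallback mentioned in the message, as an added example that is not part of the original post: it merges the A records of both forward zones into one set of PTR records, letting the AD name win wherever a machine has one and flagging addresses that are ambiguous inside a single zone. The zone contents, the 192.0.2.0/24 addresses and the function names are constructed for illustration, and the input is assumed to use fully qualified owner names with explicit TTL and class (no $ORIGIN handling).

```python
import ipaddress

# Constructed sample zone data (fully qualified owner names, one record per line).
INTERNAL_ZONE = """\
ws1.internal.my.official.tld.     3600 IN A 192.0.2.10
ws2.internal.my.official.tld.     3600 IN A 192.0.2.11
printer.internal.my.official.tld. 3600 IN A 192.0.2.20
"""
AD_ZONE = """\
ws1.ad.my.official.tld. 900 IN A 192.0.2.10
dc1.ad.my.official.tld. 900 IN A 192.0.2.2
dc1.ad.my.official.tld. 900 IN NS dc1.ad.my.official.tld.
"""

def a_records(zone_text):
    """Yield (IPv4Address, owner) for every A record; skip other types and comments."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[-3:-1] == ["IN", "A"]:
            yield ipaddress.IPv4Address(fields[-1]), fields[0].lower()

def build_ptr_map(internal_zone, ad_zone):
    """Return ({ip: name}, conflicts). AD names take precedence over internal ones."""
    ptr, conflicts = {}, []
    for zone, overrides in ((internal_zone, False), (ad_zone, True)):
        seen = {}
        for ip, name in a_records(zone):
            if ip in seen and seen[ip] != name:
                conflicts.append((str(ip), seen[ip], name))  # ambiguous inside one zone
                continue
            seen[ip] = name
            if overrides or ip not in ptr:
                ptr[ip] = name
    return ptr, conflicts

def render_ptr_records(ptr, ttl=3600):
    """Format the map as PTR lines with absolute in-addr.arpa owner names."""
    return [f"{ip.reverse_pointer}. {ttl} IN PTR {ptr[ip]}" for ip in sorted(ptr)]

if __name__ == "__main__":
    ptr_map, conflicts = build_ptr_map(INTERNAL_ZONE, AD_ZONE)
    print("\n".join(render_ptr_records(ptr_map)))
    for ip, first, second in conflicts:
        print(f"; ambiguous in one zone: {ip} -> {first} / {second}")
```

The rendered lines are ordinary PTR records and would still need an SOA and NS record around them before they form a loadable reverse zone.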

