DNS forwarding

Barry S. Finkel bsfinkel at att.net
Tue May 30 02:43:57 UTC 2017

On 5/22/2017 10:48 AM, bind-users-request at lists.isc.org wrote:
> On 05/22/2017 07:16 AM, Barry S. Finkel wrote:
>> Maybe I am misinterpreting the problem.  When I was managing a mixed
>> AD-BIND DNS scenario, ALL of the computers used the BIND servers for
>> their DNS resolution; none used the AD servers.  But I had all of the
>> AD zones slaved on my BIND servers, so there was no need for any machine
>> to use the AD servers for DNS resolution.  The AD servers had only
>> the AD zones, so if any machine queried the AD server for a non-AD zone,
>> the request would have been forwarded to the BIND servers anyway.

On Mon, 22 May 2017 08:46:59 -0600  Grant Taylor replied:

> Could your AD clients still reach the AD DNS servers?  (It sounds like
> they could.)
> It's been my experience that AD clients still want to reach the master
> name server (in the SOA record) to do Dynamic DNS updates.
> (I've also successfully forced those through a BIND secondary configured
> to forward the dynamic updates to the AD master.)
> -- Grant. . . . unix || die

The only dynamic updates were to the AD "_" zones.  Windows desktops and
servers had static IP addresses, so they did not use DHCP.  One forward
zone and five /24 reverse zones were completely dynamic, and those zones
were mastered on a Windows DNS Server and slaved on my BIND servers.

As I have written before, there were lots of serial number updates
in these zones (forward, reverse, and "_") where the zone contents did
not change.  This caused a lot of unnecessary zone transfers between
the Windows DNS masters and my BIND slaves.

--Barry Finkel
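An added illustration of the arrangement the two posters describe (AD zones slaved on BIND, with the BIND secondary relaying dynamic updates to the AD master); this is example configuration written for this page, not a fragment from Barry's or Grant's servers. The zone names, file paths and the 192.0.2.x / 192.0.2.0/24 addresses are placeholders.

```conf
// named.conf fragment for a BIND 9 secondary of Active Directory zones.
// Assumed values: "example.local", "_msdcs.example.local", 192.0.2.10 (the
// Windows DNS server holding the primary copy) and 192.0.2.0/24 (the client
// network) are placeholders chosen for this example.

options {
    directory "/var/named";
    // Clients resolve everything here; non-AD zones are answered or
    // recursed by BIND, so nothing needs to point at the AD servers.
    recursion yes;
    allow-query { 192.0.2.0/24; localhost; };
};

// Forward AD zone, mastered on Windows DNS, slaved here.
zone "example.local" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/example.local";
    // Relay DNS UPDATE messages from clients to the listed master instead
    // of refusing them; whether the AD master accepts a relayed update is
    // decided by that zone's own update policy (secure-only vs nonsecure).
    allow-update-forwarding { 192.0.2.0/24; };
};

// The "_" (SRV record) zone that AD domain controllers register into.
zone "_msdcs.example.local" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/_msdcs.example.local";
    allow-update-forwarding { 192.0.2.0/24; };
};

// One of the /24 reverse zones; repeat for each additional subnet.
zone "2.0.192.in-addr.arpa" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/2.0.192.in-addr.arpa";
    allow-update-forwarding { 192.0.2.0/24; };
};
```

With this in place the SOA MNAME of each zone still names the Windows DNS server, so a client that insists on updating the master directly will try 192.0.2.10; the `allow-update-forwarding` lines only cover clients that send their UPDATE to the BIND secondary. The serial-churn problem Barry mentions is not addressed by this configuration: every serial bump on the Windows side still triggers a NOTIFY and an (incremental or full) transfer, so watching `named` logs for transfer frequency on these zones is the practical check.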
