Forwarding from delegated zone not working

Darcy Kevin (FCA) kevin.darcy at
Tue Oct 10 15:43:31 UTC 2017

But surely you’d get an NXDOMAIN in that case, not a SERVFAIL.

The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter.

- Kevin

From: bind-users [mailto:bind-users-bounces at] On Behalf Of Ben Croswell
Sent: Tuesday, October 10, 2017 11:38 AM
To: seanliam73 <sean.oreilly at>
Cc: bind-users at
Subject: Re: Forwarding from delegated zone not working

If the AD environment loads<> you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist.

On Oct 10, 2017 11:22 AM, "seanliam73" <sean.oreilly at> wrote:

I have a subdomain delegated from AD to a bind9 instance I have running
so that all requests for that subdomain are sent to the bind 9 instance. I
would then like to set up zone forwarding so that further subdomains can be
managed by other bind 9 instances.

I know the forwarding is working because I can query the main bind9 instance
and receive the expected results. However, if I query from the AD server that
is doing the delegation I get a SERVFAIL error.

Am I trying to do something that is not possible or am I just missing some

*main instance config*

options {
        directory "/var/named";
        listen-on port 53 { listen addr; };
        auth-nxdomain yes;
        recursion yes;
        allow-query { ip addresses; };
        listen-on-v6 { any; };
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;
};

logging {
        channel default_debug {
                file "data/";
                severity debug 3;
        };

        channel querylog {
                file "data/query.log";
                severity debug 5;
        };

        category default { default_debug; };
        category queries { querylog; };
};

zone "<>" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};

zone "<>" IN {
        type forward;
        forward only;
        forwarders { ip address; };
};
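Added example, not part of the original thread or of BIND: a server that follows an NS delegation queries the target with RD=0 and expects authoritative data or a referral, which a `type forward` zone does not supply. The Python below builds that RD=0 query and classifies the reply header; the function names, the name `host.example.test` and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, rd, qid=0x1234):
    """Encode an A/IN query; rd controls the RD (recursion desired) header bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields that matter here."""
    _, flags, _, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "answers": an, "authority": ns}

def classify_norecurse_reply(msg):
    """Judge a reply to an RD=0 query as a server following a delegation would."""
    h = parse_header(msg)
    if h["rcode"] not in ("NOERROR", "NXDOMAIN"):
        return "lame"            # REFUSED/SERVFAIL: no service for this zone
    if h["aa"]:
        return "authoritative"   # real zone data: valid delegation target
    if h["answers"] == 0 and h["authority"] > 0:
        # Header-only heuristic: confirm the NS owner names sit below the zone.
        return "referral"
    return "lame"                # non-authoritative data (cache or forwarder)

def probe(server, name, timeout=3.0):
    """Send the RD=0 query to server over UDP and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rd=False), (server, 53))
        return classify_norecurse_reply(s.recv(4096))

def _reply(flags, an=0, ns=0):
    """Constructed header-only reply used as sample input (not captured traffic)."""
    return struct.pack("!HHHHHH", 0x1234, 0x8000 | flags, 1, an, ns, 0)

SAMPLES = {
    "authoritative zone": _reply(0x0400, an=1),  # AA set, one answer
    "forwarded answer": _reply(0x0080, an=1),    # RA set, AA clear
    "refused": _reply(0x0005),                   # rcode REFUSED
    "child referral": _reply(0x0000, ns=2),      # NS records only
}
```

Running `probe()` against the address the delegation points at, with a name inside the delegated subdomain, shows what the delegating server sees; a plain recursive query from a client can succeed while this one comes back "lame".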