Forwarding from delegated zone not working
Tony Finch
dot at dotat.at
Tue Oct 10 15:51:58 UTC 2017
seanliam73 <sean.oreilly at landg.com> wrote:
>
> I know the forwarding is working because I can query the main bind9
> instance and receive the expected results. However if I query from the AD
> server that is doing the delegation I get a SERVFAIL error.

I guess one possible cause for this problem might be if the AD server is
making iterative queries (RD=0) rather than recursive queries (RD=1). In
this case the BIND forwarding setup will not work because forwarding only
applies to recursive queries.

It's probably more reliable to set up the subdomain and sub-sub-domains
with proper delegations, so that normal iterative resolution works.

A few unrelated notes...

> options {
> directory "/var/named";
> listen-on port 53 { listen addr; };
> auth-nxdomain yes;
Don't use this option, it has been useless since 2001.
> recursion yes;
> allow-query { ip addresses; };
> listen-on-v6 { any; };
> dnssec-enable no;
There should not be any reason to turn off DNSSEC support.
> dnssec-validation no;
> dnssec-lookaside auto;
dnssec-lookaside is now obsolete, but even before it was decommissioned
these two lines contradicted each other!
> };
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Lundy, Fastnet, Irish Sea, Southeast Shannon: Southwesterly 5 to 7,
occasionally gale 8 later. Slight or moderate, becoming moderate or rough.
Occasional rain. Moderate or good, occasionally poor.
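
The RD=0 versus RD=1 distinction from the reply above, as an added example that is not part of the original post: it builds both kinds of query in DNS wire format and decodes the header flags, which is the check to run on queries captured from the delegating server. The query name, message ID and function names are constructed placeholders.

```python
import struct

def build_query(name, rd, qtype=1, qid=0x1A2B):
    """Encode a one-question DNS query (RFC 1035 wire format)."""
    flags = 0x0100 if rd else 0x0000  # RD is bit 8 of the 16-bit flags word
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_header(packet):
    """Decode the fixed 12-byte DNS header of a captured message."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    return {"id": qid, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF, "qdcount": qdcount}

def eligible_for_forwarding(packet):
    """True only for a standard query with RD=1 (forwarding needs recursion)."""
    h = parse_header(packet)
    return h["qr"] == 0 and h["opcode"] == 0 and h["rd"] == 1

def describe(packet):
    """Summarise a message: query type by RD bit, or response code."""
    h = parse_header(packet)
    if h["qr"] == 1:
        return "response rcode=%d ra=%d" % (h["rcode"], h["ra"])
    kind = "recursive" if h["rd"] else "iterative"
    return "query RD=%d (%s)" % (h["rd"], kind)

# Constructed samples; host.sub.example.com is a placeholder name.
RECURSIVE_QUERY = build_query("host.sub.example.com", rd=True)
ITERATIVE_QUERY = build_query("host.sub.example.com", rd=False)
# Constructed header of a SERVFAIL response: QR=1, RD=1, RA=1, RCODE=2.
SERVFAIL_RESPONSE = struct.pack("!HHHHHH", 0x1A2B, 0x8182, 1, 0, 0, 0)

if __name__ == "__main__":
    for pkt in (RECURSIVE_QUERY, ITERATIVE_QUERY, SERVFAIL_RESPONSE):
        print(describe(pkt), "forwardable:", eligible_for_forwarding(pkt))
```

The UDP payload of a query taken from a packet capture can be passed to `describe()` in place of the constructed samples.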