<div dir="ltr"><br> <div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
</div>Probably should've wrote that is the first case it was:<br>
<div><br>
$ORIGIN <a href="http://foo.example.com" target="_blank">foo.example.com</a>.<br>
...<br>
ads NS <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>.<br>
...<br>
</div>ads A a.b.c.d<br>
<div>dc2 A a.b.c.e<br>
dc3 A a.b.c.f<br>
<br>
</div>And, the modified case was:<br>
<div><br>
$ORIGIN <a href="http://foo.example.com" target="_blank">foo.example.com</a><br>
...<br>
ads NS <a href="http://dc2.foo.example.com" target="_blank">dc2.foo.example.com</a>.<br>
NS <a href="http://dc3.foo.example.com" target="_blank">dc3.foo.example.com</a>.<br>
</div>...<br>
ads A a.b.c.d<br>
<div>dc2 A a.b.c.e<br>
dc3 A a.b.c.f<br></div></blockquote><div><br></div><div>Okay--that helps.<br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
<br>
</div>I didn't add dc2 or dc3...they were that way. And, they said those are their primary and secondary ADS servers.<br>
<br>
But, the nameserver for (sub)domain can be anywhere....including in somebody else's domain....<br>
<br></blockquote><div><br></div><div>Sure can. But AD domain controllers are generally located within their own domain. I don't know enough about AD to tell you what would happen if someone put their domain controllers in another domain, but my guess is that there would be problems....<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<a href="http://ksu.edu" target="_blank">ksu.edu</a>'s NS's are <a href="http://ns-1.ksu.edu" target="_blank">ns-1.ksu.edu</a>, <a href="http://ns-2.ksu.edu" target="_blank">ns-2.ksu.edu</a>, <a href="http://ns-3.ksu.edu" target="_blank">ns-3.ksu.edu</a>, <a href="http://nic.kanren.net" target="_blank">nic.kanren.net</a>, and <a href="http://kic.kanren.net" target="_blank">kic.kanren.net</a>. The registrar has the IP address of <a href="http://ns-1.ksu.edu" target="_blank">ns-1.ksu.edu</a>, <a href="http://ns-2.ksu.edu" target="_blank">ns-2.ksu.edu</a> and <a href="http://ns-3.ksu.edu" target="_blank">ns-3.ksu.edu</a>, so that it can included in the additional section when their resolvers are hit....<br>
<br></blockquote><div><br></div><div>Makes sense -- the .edu folks need to have your glue records.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And, its certain possible that the hosts true FQDN is <a href="http://dc2.ads.foo.example.com" target="_blank">dc2.ads.foo.example.com</a>, but they had put them into central DNS as <a href="http://dc2.foo.example.com" target="_blank">dc2.foo.example.com</a>, before they had started doing ADS. It could also be something else entirely...like <a href="http://bob.ads.foo.example.com" target="_blank">bob.ads.foo.example.com</a>.<br>
<br></blockquote><div><br></div><div>At this point, I'd forget about whatever they originally put into central DNS and just approach this fresh. <br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In fact, when I do a "dig +trace <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>", I get:<br>
<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 600 IN A a.b.c.e<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 600 IN A a.b.c.f<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 600 IN A a.b.c.d<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 3600 IN NS <a href="http://dc2.ads.foo.example.com" target="_blank">dc2.ads.foo.example.com</a>.<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 3600 IN NS <a href="http://dc1.ads.foo.example.com" target="_blank">dc1.ads.foo.example.com</a>.<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 3600 IN NS <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a>.<br>
<a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. 3600 IN SOA <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a>. hostmaster. 1334667 900 600 86400 3600<br>
</blockquote><div><br></div><div>Nice. This is beginning to make more sense. Can you post the full dig +trace output? Feel free to pm me if you don't feel comfortable posting it to the list.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
if I ask <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a> what <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a> is, it answers a.b.c.f<br>
if I ask <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a> what <a href="http://dc2.ads.foo.example.com" target="_blank">dc2.ads.foo.example.com</a> is, it answers a.b.c.d and a.b.c.e<br>
if I ask <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a> what <a href="http://dc1.ads.foo.example.com" target="_blank">dc1.ads.foo.example.com</a> is, it answers a.b.c.g<br>
<br></blockquote><div><br></div><div>Perfect. Confirm that dc1 and dc2 also return the same answers. It sounds very much like you need to delegate ads to dc1, dc2, and dc3, plus put in glue that points dc1 to a.b.c.g, dc2 to a.b.c.d and a.b.c.e, and dc3 to a.b.c.f:<br>
<br></div><div>$ORIGIN <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>.<br></div><div>@ NS <a href="http://dc1.ads.foo.example.com" target="_blank">dc1.ads.foo.example.com</a>.<br></div><div>
@ NS <a href="http://dc2.ads.foo.example.com" target="_blank">dc2.ads.foo.example.com</a>.<br>
</div><div>@ NS <a href="http://dc3.ads.foo.example.com" target="_blank">dc3.ads.foo.example.com</a>.<br></div><div>dc1 A a.b.c.g<br>dc2 A a.b.c.d<br></div><div>dc2 A a.b.c.e<br></div><div>dc3 A a.b.c.f<br><br></div><div>
And that's all you should list. No need to create an A record for <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a> -- let their own nameservers handle that. Hopefully I understand you correctly that you manage DNS for <a href="http://foo.example.com" target="_blank">foo.example.com</a>, and that <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a> is delegated. If not, please let me know which subdomains you manage and which the department manages. It's entirely possible I've still misunderstood you.<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
So, I then tried:<br>
<br>
$ORIGIN <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a><br>
@ NS dc2<br>
NS dc3<br>
<div>dc2 A a.b.c.e<br>
dc3 A a.b.c.f<br>
<br>
</div>Which didn't help anything....<br>
<br></blockquote><div><br></div><div>This seems correct, apart from not delegating to dc1 as well, and not including glue for both of the dc2 IPs. Any reason not to delegate/glue dc1 as well?<br><br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Anyways...I guess at this point the problem lies with the ADS setup....<br>
<span><font color="#888888"><br></font></span></blockquote><div><br></div><div>Definitely could be. But make sure your delegation is rock-solid first. Please post the full output (both A and NS queries) of your normal dig queries for <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a> and your dig +trace <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. Please also post your full zone config for <a href="http://foo.example.com" target="_blank">foo.example.com</a> and <a href="http://ads.foo.example.com" target="_blank">ads.foo.example.com</a>. Ok to pm me if you'd rather not post those to the list.<br>
<br></div><div><br></div><div>John</div></div></div></div>