<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Arial Black";
        panose-1:2 11 10 4 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        color:black;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Well, sharepoint.com is a CNAME to sharepoint.microsoft.com, so you might need to make arrangements for that to be resolvable as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">- Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">P.S. I don’t think it matters – and I’m too lazy to check right now – but it’s remotely possible that the trailing period in your forwarding-zone definition (“sharepoint.com.”)
 might be problematic. Easy enough to confirm/deny.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">----------------------------------------------------------------------<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial Black","sans-serif";color:black">Kevin Darcy</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><br>
NAFTA Information Security Projects</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial Black","sans-serif";color:black">FCA US LLC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">1075 W Entrance Dr,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Auburn Hills, MI 48326<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">USA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Telephone: +1 (248) 838-6601
<br>
Mobile: +1 (810) 397-0103<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Email: kevin.darcy@fcagroup.com<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> bind-users [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>anup albal<br>
<b>Sent:</b> Wednesday, August 17, 2016 6:00 AM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> Selective forwarding from an internal only name server<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="divtagdefaultwrapper">
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri","sans-serif";color:black">Hi<br>
<br>
First up apologies if this is not the right list to email and for a long email. I am hoping you can give me a clue as to what I am doing wrong here? Or maybe this is not supposed to work at all.<br>
<br>
We have an internal only DNS server (dns1) with fake root zone. i.e. a fake file for the zone "."  This serves all internal clients.<br>
We are running 9.6-ESV-R11-P2 for this.<br>
<br>
And we also have an external only DNS (ns1) which can talk to the internet for DNS queries and serves external clients.<br>
<br>
Now we have a requirement to have certain domains (e.g. sharepoint.com) resolved on clients being served by dns1.
<br>
<br>
On dns1 I have set up a forward only zone called 'sharepoint.com' with ns1 set as the forwarder.<br>
And on the fake root zone file, I have added an entry for sharepoint like below<br>
sharepoint.com.          NS     ns1.org.domain.name.au.<br>
<br>
When I run a dig +trace sharepoint.com from dns1 I can resolve sharepoint.com<br>
But when I run it from an internal client it gets a Non-authoritative: No answer<br>
<br>
Below are snippets of my named.conf on dns1 (internal)<br>
<br>
options {<br>
        directory "/var/dns";<br>
        forwarders { ip.of.ns1; };<br>
        listen-on  { ip.of.dns1; 127.0.0.1; };<br>
        query-source address ip.of.dns1;<br>
        notify-source ip.of.dns1;<br>
        transfer-source ip.of.dns1;<br>
        allow-transfer { xxx.xxx/16; }; <br>
        transfer-format one-answer;    // BIND9 (deal with Windows Server 2003)<br>
<br>
};<br>
<br>
&lt;.....&gt;<br>
zone "." in {<br>
        type master;<br>
        file "fake/root";<br>
};<br>
<br>
zone "." in {<br>
        type hint;<br>
        file "/var/dns/fake/named.root";<br>
};<br>
zone "sharepoint.com." in {<br>
        type forward;<br>
        forward only;<br>
        forwarders {ip.of.ns1;};<br>
};<br>
<br>
The file fake/root has entries like below (ip and domain names changed for security)<br>
<br>
$TTL 86400<br>
; NOTE:  TTL based on from Bind8 SOA record<br>
;<br>
; This file contains *fake* DNS Resource Records for the root domain (.)<br>
;<br>
<br>
.       IN      SOA     dns1.org.domain.name.au.        xxx.dns1.org.domain.name.au.  (<br>
                                     2016081608      ; serial<br>
                                     10800   ; refresh<br>
                                     3600    ; retry<br>
                                     3600000 ; expire<br>
                                     86400 ) ; minimum<br>
<br>
.                       NS      dns1.org.domain.name.au.<br>
;.                      NS      dns2.org.domain.name.au.<br>
<br>
com.au.                 NS      dns1.org.domain.name.au.<br>
sharepoint.com.         NS      ns1.org.domain.name.au.<br>
difforg.diffdomain.au.             NS      dns1.org.domain.name.au.<br>
<br>
0.0.127.in-addr.arpa.   NS      dns1.org.domain.name.au.<br>
<br>
xxx.xxx.in-addr.arpa.   NS      dns1.org.domain.name.au.<br>
<br>
localhost.              A       127.0.0.1<br>
<br>
; Glue<br>
dns1.org.domain.name.au. A      ip.of.dns1<br>
ns1.org.domain.name.au.  A      ip.of.ns1<br>
;dns2.org.domain.name.au. A      xxx.xxx.xxx.xxx<br>
<br>
The root hints file (named.root) has the below<br>
<br>
.       3600    IN NS   dns1.org.domain.name.au<br>
dns1    3600        A   ip.of.dns1<br>
<br>
<br>
nslookup on a client returns this<br>
nslookup sharepoint.com<br>
Server:         ip.of.dns1<br>
Address:        ip.of.dns1#53<br>
<br>
Non-authoritative answer:<br>
*** Can't find sharepoint.com: No answer<br>
<br>
And running dig on a client returns this<br>
 dig +trace sharepoint.com<br>
<br>
; &lt;&lt;&gt;&gt; DiG 9.3.4-P1 &lt;&lt;&gt;&gt; +trace sharepoint.com<br>
;; global options:  printcmd<br>
.                       86400   IN      NS      dns1.org.domain.name.au.<br>
;; Received 69 bytes from ip.of.dns1#53(ip.of.dns1) in 1 ms<br>
<br>
sharepoint.com.         86400   IN      NS      ns1.org.domain.name.au.<br>
;; Received 84 bytes from ip.of.dns1#53(dns1.org.domain.name.au) in 0 ms<br>
<br>
;; connection timed out; no servers could be reached<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri","sans-serif";color:black"><br>
Regards<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri","sans-serif";color:black">Anup<o:p></o:p></span></p>
</div>
</div>
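<p>Added example, not part of the original thread and not code from either poster: the reply's point is that a name inside a forwarded zone can be a CNAME to a target outside it. The Python below reads the forward zones from a constructed named.conf excerpt and lists the names in a CNAME chain that no forward zone covers. The forwarder address and the function names are assumptions; the CNAME pair is the one stated in the reply, and names are normalised only for comparison.</p>
<pre>
```python
import re

# Constructed named.conf excerpt modelled on the thread; 192.0.2.53 is a placeholder for ns1.
NAMED_CONF = '''
zone "." in { type master; file "fake/root"; };
zone "sharepoint.com." in {
        type forward; forward only;
        forwarders { 192.0.2.53; };
};
'''

# CNAME pair as stated in the reply; in practice, gather the chain with dig on ns1.
CNAMES = {"sharepoint.com": "sharepoint.microsoft.com"}


def norm(name):
    """Lower-case and drop the trailing root dot so both spellings compare equal."""
    return name.strip().lower().rstrip(".")


def forward_zones(conf):
    """Return the names of zones declared with 'type forward' in the conf text."""
    decls = list(re.finditer(r'\bzone\s+"([^"]+)"', conf))
    zones = set()
    for i, m in enumerate(decls):
        end = decls[i + 1].start() if i + 1 != len(decls) else len(conf)
        if re.search(r'\btype\s+forward\s*;', conf[m.end():end]):
            zones.add(norm(m.group(1)))
    return zones


def covered(name, zones):
    """True if name equals a forward zone or is a subdomain of one."""
    name = norm(name)
    return any(name == z or name.endswith("." + z) for z in zones)


def uncovered_chain(qname, cnames, zones):
    """Follow the CNAME chain from qname; return names no forward zone covers."""
    missing, seen, name = [], set(), norm(qname)
    while name and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        if not covered(name, zones):
            missing.append(name)
        name = norm(cnames.get(name, ""))
    return missing


if __name__ == "__main__":
    print(uncovered_chain("sharepoint.com", CNAMES, forward_zones(NAMED_CONF)))
```
</pre>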
</body>
</html>