<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">As others have commented, more information about your config and your setup need to be provided, before a proper troubleshooting can occur. I would add, you should
be more specific than just “resolution error”. Is it a timeout? An NXDOMAIN? A SERVFAIL? A so-called “NODATA” response or a referral (i.e. NOERROR, but 0 answers)? You might need to use a tool like “dig” to see for sure what the response is (nslookup often
triggers domain-suffixing behavior, which obfuscates the actual error, so I would stay away from nslookup as a DNS troubleshooting tool). Another important piece of information about the response is the status of the flags, e.g. whether the RA (Recursion Available)
and/or AA (Authoritative Answer) flags are set.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">What I would say, generally, is that if you want your new setup to look as close as possible to your old setup, then your new server should be authoritative for
the same zones as your old server is/was. Thus, I would lean in the direction of making the new server slave for those zones. That will give you a better “apples-to-apples” comparison, than trying to mix-and-match authoritative and forwarding behavior, which
can greatly complicate things.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
- Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> bind-users [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>Elias Pereira<br>
<b>Sent:</b> Wednesday, May 17, 2017 4:44 PM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> DNS forwarding<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hello,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Our scenario today consists of one:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">- DNS Server (Authoritative to our subdomains. Ex: <a href="http://www.mydomain.com">
www.mydomain.com</a>*, <a href="http://moodle.mydomain.com">moodle.mydomain.com</a>, etc)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- samba3 PDC server<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- Openldap server (user base for samba)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">All our IPs are public.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">This scenario above works like a charm!! :D<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Now, I'm implementing a new samba4 AD server.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In order for me to be able to put users in the AD domain, I need to configure the samba4 AD IP as primary dns on the computers. In the bind installed on samba4 AD I configured the "forwarder" variable with the IP of our DNS server.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The problem is that from this computer, if I need to access an internal subdomain, for example our webserver*, I can not access. Gives resolution error. For any other site, for example,
<a href="http://google.com">google.com</a>, I can access.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I'm not finding the problem. Any idea?<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<p class="MsoNormal">Elias Pereira<o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>