<div dir="auto">You didn’t share much of your configuration except the one forwarded zone, not a lot to go on.</div><div dir="auto"><br></div><div dir="auto">But one thing to check, you do have recursion enabled on the server?</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop <<a href="mailto:gregs@sloop.net">gregs@sloop.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">            <div><p>Wow. I hate to be the guy who looks the gift horse in the mouth - but that just seems "wrong." :) </p><p>(Not the answer, but that that would be the way BIND wants it done.)</p><p> </p><p>So, now I've got two sets of NS and glue records? </p><p>Please tell me that's not the way BIND insists you do this!</p><p> </p><p>I guess I should try it, but dang.</p><p>Does anyone know for sure?</p></div><div><p> </p><p>  <br>
</p><p><br></p><p></p><blockquote class="m_-3218080885574776037rt">Add Delegating NS records:<div><br></div><div>ab.somedomain.local 3600 NS server1.ab.somedomain.local</div><div>.</div><div>.</div><div>.</div><div><br></div><div><br></div><div>And glue records</div><div><br></div><div>server1.ab.somedomain.local 3600 A 10.0.0.1</div><div>.</div><div>.</div><div><br></div><div><br></div><div>And see if it works. It’s got something to do with the way the record is matched (or not) before the forward statement is hit.</div><div><br></div><div>J</div><div><div><br><blockquote type="cite"><div>On Feb 28, 2022, at 3:47 PM, Gregory Sloop <<a href="mailto:gregs@sloop.net" target="_blank">gregs@sloop.net</a>> wrote:</div><br><div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">So, I want to forward all queries for </div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">*.ab.somedomain.local to some other internal DNS servers.</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(Records in *.ab.somedomain.local actually are our active domain servers)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(Yes, I know .local is reserved now, but we've been using it a long time and changing would be rather painful. Unless there's some horrible consequences, I think we'll just continue for now. We won't ever use mDNS.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">zone "ab.somedomain.local" {</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">type forward;</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">forward only;</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">forwarders { 10.0.0.1; 10.0.0.2; 10.0.0.3; };</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">};</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">But this doesn't appear to do what I want.</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">If I add the above to my regular BIND servers configuration, it doesn't return results like it's forwarding them. (I get NXOMAIN for abc.ab.somedomain.local.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">If I do a dig @<a href="http://10.0.0.1" target="_blank" style="font-family:Helvetica">10.0.0.1</a> abc.ab.somedomain.local from the BIND server, I get a proper result. (force dig to use the AD name servers directly, instead of relying on the forward.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(And yes the resolv.conf file has the ip addresses of the main internal BIND servers in it, and those only.)</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">I've looked and while I think I'm doing it right, I'm not entirely sure.</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">I figured before I beat my head against the wall for too long, I'd ask the real experts! :)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"></p><div class="m_-3218080885574776037email-signature" style="font-family:Arial;font-size:8pt;font-style:italic;font-weight:normal;text-decoration:none;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">--<span style="font-family:Helvetica"> </span></span><br><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">Visit<span style="font-family:Helvetica"> </span></span><a href="https://lists.isc.org/mailman/listinfo/bind-users" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important"><span style="font-family:Helvetica"> </span>to unsubscribe from this list</span><br><br><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">ISC funds the development of this software with paid support subscriptions. Contact us at<span style="font-family:Helvetica"> </span></span><a href="https://www.isc.org/contact/" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://www.isc.org/contact/</a><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important"><span style="font-family:Helvetica"> </span>for more information.</span><br><br><br><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">bind-users mailing list</span><br><a href="mailto:bind-users@lists.isc.org" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a></div></blockquote></div><br></div></blockquote><div class="m_-3218080885574776037email-signature"><br>
</div></div>-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div></div>