<html><head> <style type="text/css" title="rt_noDelete">
blockquote.rt {
margin: 0 0 15px;
border-left: 4px solid #81c784;
padding: 0 0 0 12px;
display: block;
}
p { margin: 0 0 0 0 }
.email-signature {font-family:"Arial"; font-size: 8pt; font-style: italic; font-weight: normal; text-decoration: none; }
</style></head><body><p class="norm">This got held up in moderation. Let me repost it, from my regular mail client...</p><p class="norm"> <br/>
</p><p class="norm"></p><p class="norm"></p><blockquote class="rt"><div dir="auto"><p></p>
</div></blockquote><p> </p><blockquote class="rt"><div dir="auto"><p></p>You didn’t share much of your configuration except the one forwarded zone, not a lot to go on.</div></blockquote><p>
</p><p>Fair enough. (I guess I thought you could just infer all the needed information! &lt;grin&gt; Oops!)</p>
<p><br/></p>
<p>Let me try Ondrej's static-stub and see if that makes a difference.</p>
<p><br/></p>
<p>As for more detail.</p>
<p>Yeah, it's a recursive resolver, used internally only.</p>
<p>It's also authoritative for the somedomain.local zone.</p>
<p>I simply want(ed) to pass queries for *.ad.somedomain.local to another server(s), so thought the forwarder setup was the right way to do that.</p>
<p><br/></p>
<p>Sorry for being so lame in not providing enough detail - I think I just figured I must be doing something terribly wrong and the forwarder setup must be wrong in some obvious detail I wasn't seeing. </p>
<p>That doesn't appear to be the case, so we'll look again, try static-stub and then re-group if it doesn't work.</p>
<p><br/></p>
<p>Thanks all!</p><p> </p><blockquote class="rt"><div dir="auto"></div><div dir="auto"><br/></div><div dir="auto">But one thing to check, you do have recursion enabled on the server?</div><div><br/><div class="gmail_quote"><div class="gmail_attr" dir="ltr">On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop <<a href="mailto:gregs@sloop.net">gregs@sloop.net</a>> wrote:<br/></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"> <div><p>Wow. I hate to be the guy who looks the gift horse in the mouth - but that just seems "wrong." :) </p><p>(Not the answer, but that that would be the way BIND wants it done.)</p><p> </p><p>So, now I've got two sets of NS and glue records? </p><p>Please tell me that's not the way BIND insists you do this!</p><p> </p><p>I guess I should try it, but dang.</p><p>Does anyone know for sure?</p></div><div><p> </p><p> <br/>
</p><p><br/></p><p></p><blockquote class="m_-3218080885574776037rt">Add Delegating NS records:<div><br/></div><div>ab.somedomain.local 3600 NS server1.ab.somedomain.local</div><div>.</div><div>.</div><div>.</div><div><br/></div><div><br/></div><div>And glue records</div><div><br/></div><div>server1.ab.somedomain.local 3600 A 10.0.0.1</div><div>.</div><div>.</div><div><br/></div><div><br/></div><div>And see if it works. It’s got something to do with the way the record is matched (or not) before the forward statement is hit.</div><div><br/></div><div>J</div><div><div><br/><blockquote type="cite"><div>On Feb 28, 2022, at 3:47 PM, Gregory Sloop <<a href="mailto:gregs@sloop.net" target="_blank">gregs@sloop.net</a>> wrote:</div><br/><div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">So, I want to forward all queries for </div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">*.ab.somedomain.local to some other internal DNS servers.</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(Records in *.ab.somedomain.local actually are our active domain servers)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div 
style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(Yes, I know .local is reserved now, but we've been using it a long time and changing would be rather painful. Unless there's some horrible consequences, I think we'll just continue for now. We won't ever use mDNS.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">zone "ab.somedomain.local" {</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">type forward;</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">forward only;</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">forwarders { 10.0.0.1; 10.0.0.2; 10.0.0.3; };</div><div 
style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">};</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br/></div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">But this doesn't appear to do what I want.</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">If I add the above to my regular BIND servers configuration, it doesn't return results like it's forwarding them. 
(I get NXDOMAIN for abc.ab.somedomain.local.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">If I do a dig @<a href="http://10.0.0.1" style="font-family:Helvetica" target="_blank">10.0.0.1</a> abc.ab.somedomain.local from the BIND server, I get a proper result. (force dig to use the AD name servers directly, instead of relying on the forward.)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">(And yes the resolv.conf file has the ip addresses of the main internal BIND servers in it, and those only.)</div><div style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">I've looked and while I think I'm doing it right, I'm not entirely sure.</div><div 
style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">I figured before I beat my head against the wall for too long, I'd ask the real experts! :)</div><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"> </p><p style="margin:0px;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"></p><div class="m_-3218080885574776037email-signature" style="font-family:Arial;font-size:8pt;font-style:italic;font-weight:normal;text-decoration:none;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br/></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">--<span style="font-family:Helvetica"> </span></span><br/><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">Visit<span style="font-family:Helvetica"> </span></span><a href="https://lists.isc.org/mailman/listinfo/bind-users" 
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important"><span style="font-family:Helvetica"> </span>to unsubscribe from this list</span><br/><br/><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">ISC funds the development of this software with paid support subscriptions. 
Contact us at<span style="font-family:Helvetica"> </span></span><a href="https://www.isc.org/contact/" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://www.isc.org/contact/</a><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important"><span style="font-family:Helvetica"> </span>for more information.</span><br/><br/><br/><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;float:none;display:inline!important">bind-users mailing list</span><br/><a href="mailto:bind-users@lists.isc.org" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">bind-users@lists.isc.org</a><br/><a href="https://lists.isc.org/mailman/listinfo/bind-users" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a></div></blockquote></div><br/></div></blockquote><div class="m_-3218080885574776037email-signature"><br/>
</div></div>
</blockquote></div></div>
</blockquote><br/>
<div class="email-signature">-- <br/>
Gregory Sloop, Principal: Sloop Network & Computer Consulting<br/>
Voice: 503.251.0452 x121<br/>
EMail: <a class="HR" href="mailto:gregs@sloop.net">gregs@sloop.net</a><br/>
<a class="HR" href="http://www.sloop.net">http://www.sloop.net</a><br/>
---<br/>
</div></body>
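<p>Added example, not part of the thread: named answers names below a zone it is authoritative for from that zone's data, so a forward zone beneath it is only consulted once the parent zone delegates the subdomain, which is what the NS and glue suggestion quoted above does. The check below flags forward zones that lack such a delegation; the parent zone statement, the zone data and all function names are constructed for illustration.</p>

```python
import re

# Constructed named.conf: the forward zone from the thread plus an assumed
# primary zone statement for the parent (the thread does not show that part).
NAMED_CONF = '''
zone "somedomain.local" { type primary; file "db.somedomain.local"; };
zone "ab.somedomain.local" {
    type forward;
    forward only;
    forwarders { 10.0.0.1; 10.0.0.2; 10.0.0.3; };
};
'''

# Constructed parent zone data, without and with the delegation from the thread.
ZONE_NO_DELEGATION = '''
$ORIGIN somedomain.local.
@    3600 IN NS ns1.somedomain.local.
ns1  3600 IN A  10.0.0.53
'''
ZONE_WITH_DELEGATION = ZONE_NO_DELEGATION + '''
ab.somedomain.local.         3600 IN NS server1.ab.somedomain.local.
server1.ab.somedomain.local. 3600 IN A  10.0.0.1
'''

def forward_zones(conf):
    """Names of all `type forward` zones in a named.conf string."""
    pat = r'zone\s+"([^"]+)"\s*\{\s*type\s+forward\s*;'
    return [n.lower().rstrip('.') for n in re.findall(pat, conf)]

def ns_owners(zone_text, origin):
    """Absolute owner names (no trailing dot) that carry NS records."""
    owners = set()
    for line in zone_text.splitlines():
        fields = line.split(';')[0].split()
        # Simplification: skip directives and lines that inherit their owner.
        if 'NS' not in fields or line[0].isspace() or fields[0].startswith('$'):
            continue
        owner = fields[0].lower()
        if owner == '@':
            owner = origin
        elif not owner.endswith('.'):
            owner += '.' + origin
        owners.add(owner.rstrip('.'))
    return owners

def shadowed_forward_zones(conf, zone_text, parent):
    """Forward zones below `parent` with no delegating NS in its zone data."""
    owners = ns_owners(zone_text, parent)
    return [z for z in forward_zones(conf)
            if z.endswith('.' + parent) and z not in owners]
```
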