On 3/19/2013 8:30 PM, Gerry Reno wrote:
On 03/19/2013 08:10 PM, b...@bitrate.net wrote:
On Mar 18, 2013, at 23.04, Gerry Reno <gr...@verizon.net> wrote:

On 03/18/2013 10:25 PM, b...@bitrate.net wrote:
On Mar 18, 2013, at 20.27, Gerry Reno <gr...@verizon.net> wrote:

Using BIND 9.8.2

When you set up Samba 4 AD DC using BIND9_DLZ and your domain has external 
servers (eg: www,mail) at external providers
this means that the ISP and the internal network nameservers will both have SOA 
record for the domain.
it's not really anything particularly related to samba or dlz.  it's just two different 
computers serving the same zone.  you're just "hijacking" or overloading that 
particular label.  in addition to declaring the zone in your config, you'll need to 
delegate that new zone from the parent.

it's worth noting that this scales poorly.  having to add delegations and zone 
declarations for every label for which this is desired becomes quickly 
prohibitive.  instead, i'd suggest using a subdomain for samba - e.g. something 
like ad.example.com.  there are a number of other solutions as well which would 
likely be more sensible than hijacking labels.

-ben

If it was more than just a few labels I would do it another way.

But this will suffice, if I can only get bind to actually get the forward zone 
working.

I don't need any delegation.  I'm not looking to slave the zone.
as i said, you'll need to delegate that new zone from the parent.  i'm not sure 
what slaves zones would have to do with that.
As I said, if I was going to do this for a bunch of labels I would add an 
external view and just slave it from the ISP
which holds the SOA for the external answers.

And sure delegation works.  You don't even need a forward zone.

So what exactly is the use case for this forward zone?
If you can achieve what you want through delegation alone, and unless you think that you can squeeze out a performance benefit by forwarding to a "rich cache", then yeah, there is no compelling use case for forwarding and you shouldn't do it. Selective forwarding is most commonly employed when you can't talk directly to the authoritative nameservers for the zone and need to go through an intermediate resolver.

I see a number of postings over several years where people
have not been able to get the forward zone working.
Probably because they don't follow the simple advice to delegate the zone.

                                    - Kevin
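
The advice repeated in this thread (a forward zone for a label under a zone the server is authoritative for only takes effect once that label is delegated in the parent zone) can be checked mechanically. The following is an added example, not code from the thread or from BIND: the zone names, addresses, and helper functions are constructed, and it assumes a file-backed `type master` parent zone with one record per line rather than a DLZ-backed zone.

```python
import re

# Constructed named.conf fragment: two forward zones under a local master zone.
NAMED_CONF = '''
zone "example.com" { type master; file "example.com.db"; };
zone "www.example.com" { type forward; forward only; forwarders { 192.0.2.53; }; };
zone "mail.example.com" { type forward; forward only; forwarders { 192.0.2.53; }; };
'''
# Constructed parent zone data: only www is delegated.
ZONE_FILES = {"example.com": '''
$ORIGIN example.com.
@     IN SOA ns1 hostmaster 1 3600 600 86400 300
@     IN NS  ns1
ns1   IN A   10.0.0.1
www   IN NS  ns.isp.example.
'''}
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{\s*type\s+(\w+)\s*;')

def zones_by_type(conf):
    """Map zone type ('master', 'forward', ...) to the zone names declared."""
    out = {}
    for name, ztype in ZONE_RE.findall(conf):
        out.setdefault(ztype.lower(), []).append(name.lower().rstrip("."))
    return out

def delegated_names(origin, text):
    """Names below the apex that own NS records, i.e. zone cuts."""
    names = set()
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) < 3 or line[0].isspace() or fields[0].startswith("$"):
            continue
        # First token after the owner that is neither a numeric TTL nor class IN.
        rest = [f.upper() for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if not rest or rest[0] != "NS" or fields[0] == "@":
            continue  # not an NS record, or NS at the apex (not a delegation)
        owner = fields[0].lower()
        names.add(owner[:-1] if owner.endswith(".") else owner + "." + origin)
    return names

def undelegated_forward_zones(conf, zone_files):
    """Forward zones that a local master zone will answer for instead."""
    z, problems = zones_by_type(conf), []
    for fwd in z.get("forward", []):
        parents = [m for m in z.get("master", []) if fwd.endswith("." + m)]
        if not parents:
            continue  # no local authoritative zone shadows this forward zone
        parent = max(parents, key=len)
        cuts = delegated_names(parent, zone_files.get(parent, ""))
        if not any(fwd == c or fwd.endswith("." + c) for c in cuts):
            problems.append((fwd, parent))
    return problems
```

With the constructed data, `mail.example.com` is reported because the parent zone has no NS record at that label, while `www.example.com` passes.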
