But surely you’d get an NXDOMAIN in that case, not a SERVFAIL. The assumption I made in my post was that the delegation was pointed to the forwarding BIND instance, which is a non-starter.
- Kevin From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ben Croswell Sent: Tuesday, October 10, 2017 11:38 AM To: seanliam73 <sean.orei...@landg.com> Cc: bind-users@lists.isc.org Subject: Re: Forwarding from delegated zone not working If the AD environment loads company.com<http://company.com> you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist. On Oct 10, 2017 11:22 AM, "seanliam73" <sean.orei...@landg.com<mailto:sean.orei...@landg.com>> wrote: Hi I have a subdomain delegated from AD to a bind9 instance I have running that so that all requests for that subdomain are sent to the bind 9 instance. I would then like to set up zone forwarding so that further subdomains can be managed by other bind 9 instances. I know the forwarding is working because I can query the main bind9 instance at receive the expected results. However if I query from the AD server that is doing the delegation I get a SERVFAIL error. Am I trying to do something that is not possible or am I just missing some configuration. *main instance config* options { directory "/var/named"; listen-on port 53 { listen addr; }; auth-nxdomain yes; recursion yes; allow-query { ip addresses; }; listen-on-v6 { any; }; dnssec-enable no; dnssec-validation no; dnssec-lookaside auto; }; logging { channel default_debug { file "data/named.run"; severity debug 3; }; channel querylog { file "data/query.log"; severity debug 5; }; category default { default_debug; }; category queries { querylog; }; }; zone "example.company.com<http://example.company.com>" IN { type forward; forward only; forwarders { ip address; }; }; zone "development.example.company.com<http://development.example.company.com>" IN { type forward; forward only; forwarders { ip address; }; }; -- Sent from: http://bind-users-forum.2342410.n4.nabble.com/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users