Hi Renzo. Firstly, please can we see your BIND configuration and have the actual AD domain name.
Secondly, BIND, or any other recursive DNS server, does not 'forward' to the root servers, unless you have configured it explicitly to do so, which would be a bad idea and not work anyway. It will recurse (paradoxically, perform non-recursive aka iterative queries) to the roots and other authoritative servers. It is an important distinction to be aware of. Thirdly, I would not forward to AD DNS, unless the AD servers also recurse and can provide resolution for delegated names below the AD domain that are not hosted on the AD servers themselves. Personally I would use a stub or static-stub zone in BIND to refer to the AD domain. In general, decide which DNS is going to do the resolving and make that the control point, fetching data from wherever it needs to (e.g. AD DNS) - using non-recursive queries - and using that data to construct answers for its clients. I hope that helps. Cheers, Greg On Thu, 27 Jun 2024 at 12:02, Renzo Marengo <buckroger2...@gmail.com> wrote: > I have Active Directory domain ( 'mydomain.it' ) with 8 domain > controllers to manage 8000 computers. Every Domain controller acts as dns > service and resolve internal domain names while forward queries about > external domains to another server, which Bind9 dns server (It's inside my > company) > I'm checking this Bind9 configuration (Centos server) and I see no forward > servers so I think It makes bind9 forward queries directly to root servers. > What do you think ? > According your opinion this Bind9 server should have to forward requests > to one or more dns server by forward option? > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
