I'm dealing with an environment where domain.com is, of course, delegated in the root servers, but there is also a set of Windows AD servers that are authoritative for domain.com. I wanted to manage DNS for my labs, so, in the AD servers, I delegated sub.domain.com to a couple of CentOS servers running BIND. Now, "the powers that be" want all of my lab machines to use my DNS servers rather than the AD servers. The problem with this is, all queries for domain.com are now handled via the root servers to the servers handling the "real" domain.com, which is completely different from the zone served by the AD servers. On top of that, reverse DNS no longer works.
I could add zones for domain.com and all in-addr.arpa zones consisting of NS records, but that doesn't feel right. Also, it wouldn't help the next time someone adds an IP range that's being handled by AD. Is there a way to tell my BIND servers to forward all queries they don't have an answer for up to the AD servers? Could it be as simple as configuring them to use the AD servers as root servers? Would that keep Internet name resolution working properly?

--
* John Oliver http://www.john-oliver.net/ *
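One way to set this up with conditional forwarding, as an added example that is not part of the original post: the BIND servers keep the real root hints for Internet resolution and forward only domain.com (minus the locally served sub.domain.com) and the private reverse range to the AD servers. The AD server addresses (192.0.2.10 and 192.0.2.11, from the documentation range) and the lab network 10.20.0.0/16 are constructed assumptions; the zone file names are placeholders.

```conf
// named.conf fragment (added example, not from the original post).
// Assumed values: AD DNS servers 192.0.2.10 and 192.0.2.11 (constructed,
// documentation range); lab clients on 10.20.0.0/16 (constructed).

options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 10.20.0.0/16; 127.0.0.1; };
    // Everything not matched by a forward zone below is resolved normally
    // via the root hints. Do NOT replace the root hints with the AD servers.
};

zone "." IN {
    type hint;
    file "named.ca";
};

// The lab zone these BIND servers already serve authoritatively. BIND
// always uses the most specific matching zone, so sub.domain.com is
// answered locally and never forwarded.
zone "sub.domain.com" IN {
    type master;
    file "sub.domain.com.zone";   // placeholder file name
};

// Conditional forwarding: names under domain.com (other than sub.domain.com)
// go to the AD servers. "forward only" means BIND never falls back to the
// public domain.com reached via the root servers, so the internal view wins.
zone "domain.com" IN {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Reverse lookups: forward the whole private range instead of one
// /24 per AD-managed subnet, so an IP range added to AD later still
// resolves without touching this file.
zone "10.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};
```

Check the file with `named-checkconf` before reloading. Pointing the root hints at the AD servers instead would make them recurse for every Internet name on behalf of the lab and would tie lab resolution to their availability; forward zones limit the dependency to domain.com and the reverse range. One caveat: if the public domain.com is DNSSEC-signed and the BIND servers validate, the unsigned internal answers from AD will fail validation unless the name is exempted (BIND's `validate-except` option) or validation is disabled for those servers.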
