Bind DNS Forwarder With Delegated Sub Domain

bind, dns-zone, domain-name-system, internal-dns

I currently have my Bind DNS server set up to query from root servers and I have an Active Directory subdomain delegated in my DNS settings. My named.conf.options currently looks like this:

    acl internals { 172.16.0.0/12; 192.168.0.0/16; 127.0.0.1;};

    options {
            directory "/var/cache/bind";

            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };

            allow-query { internals; };
            allow-recursion { internals; };
    };

    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };

And my AD subdomain is delegated like this:

    directory                    IN      NS      ds1.directory.domain.com.
    ds1.directory.domain.com.    IN      A       192.168.0.60

Everything works great here, but I would like to set up DNS forwarders instead of using the root servers. I've added the following to my named.conf.options file:

    forwarders {
          208.67.222.222;
          208.67.220.220;
    };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;

This also seems to work, but now my AD subdomain is not working. If I try to ping directory.domain.com, it tells me unknown host. Is there something special I have to do with delegated subdomains when forwarding DNS requests? I'm guessing the subdomain is getting forwarded to the external DNS server. How can I get it to resolve to my DNS server first?

Thanks!

Best Answer

I figured it out. I have to cancel the forwarders on my authoritative zone. Otherwise queries will be forwarded to my global forwarding rule. So my zone in named.conf.local looks like this:

    zone "domain.com" {
            type master;
            file "/var/lib/bind/db.domain.com";
            forwarders {};
    };
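As an added example (not the poster's actual files), here is how the pieces from the question and the answer fit together in one BIND 9 configuration, with a second way of handling the delegated child zone. The addresses, zone name and zone file path are the ones given above; the `acl` placement, the comments and the `type forward` zone for `directory.domain.com` are assumptions about how one would lay this out, not something the original post shows.

```conf
// Added example, not the original poster's configuration.
// Assumes the addresses and names from the question: the AD domain
// controller ds1.directory.domain.com at 192.168.0.60, the zone file
// /var/lib/bind/db.domain.com, and OpenDNS as the upstream forwarders.

acl internals { 172.16.0.0/12; 192.168.0.0/16; 127.0.0.1; };

options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // Keep recursion restricted to internal clients so the server
        // cannot be used as an open resolver.
        allow-query { internals; };
        allow-recursion { internals; };

        // Global forwarding: every name not covered by a more specific
        // zone statement below is sent to these resolvers and nowhere else.
        forwarders { 208.67.222.222; 208.67.220.220; };
        forward only;

        // dnssec-enable from the question is deprecated in current BIND 9;
        // validation is controlled by dnssec-validation alone.
        dnssec-validation yes;
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

// The authoritative zone. The empty forwarders list is the fix from the
// answer: it overrides the global "forward only" for this zone, so queries
// under domain.com are never sent to the external forwarders. BIND answers
// from the zone file and follows its own NS delegation for
// directory.domain.com instead.
zone "domain.com" {
        type master;
        file "/var/lib/bind/db.domain.com";
        forwarders {};
};

// Alternative (assumed, not from the original post) for the delegated
// child: an explicit forward zone that sends everything under
// directory.domain.com straight to the AD domain controller. BIND picks the
// most specific matching zone, so this wins over both the global forwarders
// and the parent zone above.
zone "directory.domain.com" {
        type forward;
        forward only;
        forwarders { 192.168.0.60; };
};
```

Run `named-checkconf` before reloading, then confirm the path each name takes: `dig @127.0.0.1 directory.domain.com NS` should return the delegation from the zone file, and `dig @127.0.0.1 ds1.directory.domain.com A` should come back with 192.168.0.60 rather than NXDOMAIN from the forwarder. One caveat with `forward only` plus `dnssec-validation yes`: the server depends entirely on the forwarders to return DNSSEC records, so if an upstream strips them, validated lookups fail with SERVFAIL; `dig @208.67.222.222 com SOA +dnssec` shows whether RRSIG records are coming back.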