How to proper delegate domain in BIND for Active Directory servers
if i understood your question correctly you would like to forward DNS requests to the AD DNS Server. For that you to not need any NS or A Record. Just forward the domain to the servers in named.conf
zone "domain.com" {
type forward;
forward only;
forwarders { 10.0.1.101; 10.0.1.102; };
};
B14D3
Updated on September 18, 2022Comments
-
B14D3 almost 2 years
I have to delegate domain for AD serwers. Let say example.com and I'm using Bind(dns.bind.com) on CentOS.
I added proprer configuration to named.conf and using A,NS records delegate domain to AD servers with DNS service. After that all questions should be transfered to those AD(lets call them dc1.example.com and dc2.example.com) servers even when I'm asking my DNS BIND (or am I wrong?)
Now when I execute :
dig @dns.bind.com example.com AI get nothing but when executedig @dns.bind.com example.com AI get nice answare pointing to ip of dc1.example.com (and that is correct).Now I'm not AD administrator, I don't even have access to that AD servers. I'm admin of dns.bind.com so maybe I don't know something...
On dns.bind.com I did something like that to delegate example.com to AD servers:
named.conf:
zone "example.com" { type master; file "example.com.hosts"; allow-update { none; }; allow-transfer { aclgroup1; }; allow-query { any; }; also-notify { 192.168.1.105; 192.168.1.106; 192.168.2.10; 192.168.2.11; 192.168.3.23; }; };example.com.hosts:
$TTL 1H @ SOA @ root ( 2013120401 ; serial number 10M ; refresh 30M ; retry 10D ; expiry 1H ; minimum ) ; NS dc1.example.com. NS dc2.example.com. dc1 A 10.0.1.101 dc2 A 10.0.1.102Maybe this is wrong configuration for delegating whole domain? Before I was delegating only subdomains and not for using with AD (nobody camplained then ;) so I think that was working well).
-
B14D3 over 10 yearsYup that's the right answare. I did that and every thing works fine :)