You didn’t share much of your configuration except the one forwarded zone, not a lot to go on.
But one thing to check, you do have recursion enabled on the server? On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop <gr...@sloop.net> wrote: > Wow. I hate to be the guy who looks the gift horse in the mouth - but that > just seems "wrong." :) > > (Not the answer, but that that would be the way BIND wants it done.) > > > > So, now I've got two sets of NS and glue records? > > Please tell me that's not the way BIND insists you do this! > > > > I guess I should try it, but dang. > > Does anyone know for sure? > > > > > > > Add Delegating NS records: > > ab.somedomain.local 3600 NS server1.ab.somedomain.local > . > . > . > > > And glue records > > server1.ab.somedomain.local 3600 A 10.0.0.1 > . > . > > > And see if it works. It’s got something to do with the way the record is > matched (or not) before the forward statement is hit. > > J > > On Feb 28, 2022, at 3:47 PM, Gregory Sloop <gr...@sloop.net> wrote: > > So, I want to forward all queries for > *.ab.somedomain.local to some other internal DNS servers. > (Records in *.ab.somedomain.local actually are our active domain servers) > > > (Yes, I know .local is reserved now, but we've been using it a long time > and changing would be rather painful. Unless there's some horrible > consequences, I think we'll just continue for now. We won't ever use mDNS.) > > > zone "ab.somedomain.local" { > type forward; > forward only; > forwarders { 10.0.0.1; 10.0.0.2; 10.0.0.3; }; > }; > > But this doesn't appear to do what I want. > > > If I add the above to my regular BIND servers configuration, it doesn't > return results like it's forwarding them. (I get NXOMAIN for > abc.ab.somedomain.local.) > > > If I do a dig @10.0.0.1 abc.ab.somedomain.local from the BIND server, I > get a proper result. (force dig to use the AD name servers directly, > instead of relying on the forward.) > > > (And yes the resolv.conf file has the ip addresses of the main internal > BIND servers in it, and those only.) > I've looked and while I think I'm doing it right, I'm not entirely sure. > I figured before I beat my head against the wall for too long, I'd ask the > real experts! :) > > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users