I'm using Bind9 as the DNS server for my office.
We have a zone: example.com. which has to be resolved from our DNS server as authoritative.
On the other hand, we have a sub.example.com. zone, which has to be forwarded to another DNS server.
Bind answers properly when we query for any record in the example.com. zone, but it fails for queries about sub.example.com., as it doesn't do the forwarding: it keeps looking for the answer locally.
This is the named.conf file (zone statements only):

    // sub-zone that should be forwarded, never answered locally
    zone "sub.example.com" IN {
        type forward;
        forwarders { 172.21.238.229; 172.21.238.230; };
        forward only;
    };

    // parent zone served authoritatively from a local file
    zone "example.com" {
        type master;
        forwarders {};      // disable any global forwarders for this zone
        file "/etc/named/example.com.db";
    };
This is the example.com.db file content:
$ORIGIN example.com.
$TTL 1W
@ IN SOA dnsldes.example.com. postmaster.example.com. (
6 ; serial number
3600 ; refresh [1h]
600 ; retry [10m]
86400 ; expire [1d]
3600 ) ; min TTL [1h]
;
IN NS dnsldes.example.com.
bdred IN A 172.22.2.150
dnsldes IN A 172.21.229.159
This is the output for the bdred.example.com query using the dig client (which is ok):
; <<>> DiG 9.8.1-P1 <<>> bdred.sub.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9764
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;bdred.sub.example.com. IN A
;; AUTHORITY SECTION:
example.com. 3600 IN SOA dnsldes.example.com. postmaster.example.com. 6 3600 600 86400 3600
;; Query time: 4 msec
;; SERVER: 172.21.229.159#53(172.21.229.159)
;; WHEN: Mon Mar 11 12:55:02 2013
;; MSG SIZE rcvd: 94
And this is the answer for the dig query which is not working properly:
; <<>> DiG 9.8.1-P1 <<>> bdred.sub.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26555
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;bdred.sub.example.com. IN A
;; AUTHORITY SECTION:
example.com. 3600 IN SOA dnsldes.example.com. postmaster.example.com. 6 3600 600 86400 3600
;; Query time: 4 msec
;; SERVER: 172.21.229.159#53(172.21.229.159)
;; WHEN: Mon Mar 11 13:09:07 2013
;; MSG SIZE rcvd: 94
Please, what are we doing wrong?
The solution is not to create a zone in the named.conf. The solution is to use zone delegation as follows:
$ORIGIN example.com.
$TTL 1W
@ IN SOA dnsldes.example.com. postmaster.example.com. (
6 ; serial number
3600 ; refresh [1h]
600 ; retry [10m]
86400 ; expire [1d]
3600 ) ; min TTL [1h]
;
IN NS dnsldes.example.com.
dnsldes IN A XXX.XXX.XXX.XXX
bahamas IN CNAME bdred
; Delegations and Glue
$ORIGIN sub.example.com.
@ IN NS lmzdns1.sub.example.com.
IN NS lmzdns2.sub.example.com.
lmzdns1 IN A XXX.XXX.XXX.XXX
lmzdns2 IN A XXX.XXX.XXX.XXX
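The dig output in the question shows why the forward zone was never used: the reply carries the aa flag and the example.com SOA, so named answered from its own authoritative example.com data and never reached the forwarding stage. The fix in the answer works because an NS delegation at sub.example.com makes named refer (or recurse) instead of answering NXDOMAIN. The script below is an added example, not code from the question or the answer: it parses the minimal master-file syntax used above ($ORIGIN, $TTL, inherited owners, a parenthesised SOA) and checks that a child zone is delegated with NS records and that every in-bailiwick name server has glue. The two embedded zone files are constructed for the example; the 192.0.2.x addresses replace the XXX placeholders and are documentation addresses, not real servers.

```python
"""Check a BIND master file for a correct child-zone delegation.

Added example (not from the original post). Parses $ORIGIN, $TTL,
owner inheritance and parenthesised multi-line records, then verifies
that `child` has NS records in the parent zone and that any name server
inside the child zone has a glue A/AAAA record.
"""

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV"}

# Constructed sample: the questioner's zone, with no delegation for sub.
ZONE_NO_DELEGATION = """\
$ORIGIN example.com.
$TTL 1W
@ IN SOA dnsldes.example.com. postmaster.example.com. (
        6       ; serial number
        3600    ; refresh
        600     ; retry
        86400   ; expire
        3600 )  ; min TTL
        IN NS dnsldes.example.com.
bdred   IN A 172.22.2.150
dnsldes IN A 172.21.229.159
"""

# Constructed sample: the answer's layout with placeholder (192.0.2.x) glue.
ZONE_DELEGATED = """\
$ORIGIN example.com.
$TTL 1W
@ IN SOA dnsldes.example.com. postmaster.example.com. (
        7 3600 600 86400 3600 )
        IN NS dnsldes.example.com.
dnsldes IN A 192.0.2.1
bahamas IN CNAME bdred.sub.example.com.
; Delegations and glue
$ORIGIN sub.example.com.
@       IN NS lmzdns1.sub.example.com.
        IN NS lmzdns2.sub.example.com.
lmzdns1 IN A 192.0.2.10
lmzdns2 IN A 192.0.2.11
"""


def _fqdn(name, origin):
    """Qualify a master-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, default_origin):
    """Return a list of (owner, rrtype, rdata) with fully qualified owners."""
    origin = default_origin if default_origin.endswith(".") else default_origin + "."
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if pending:                                     # inside '(' ... ')'
            pending += " " + line.strip()
            if pending.count("(") > pending.count(")"):
                continue
            line, pending = pending, ""
        elif not line.strip():
            continue
        elif line.count("(") > line.count(")"):
            pending = line
            continue
        if line.startswith("$ORIGIN"):
            origin = _fqdn(line.split()[1], origin)
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                       # explicit owner
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and tokens[0] not in RRTYPES:      # skip TTL / class
            tokens.pop(0)
        if not tokens:
            raise ValueError(f"unrecognised record: {raw!r}")
        rrtype = tokens.pop(0)
        rdata = _fqdn(tokens[0], origin) if rrtype in ("NS", "CNAME") else " ".join(tokens)
        records.append((owner, rrtype, rdata))
    return records


def check_delegation(records, parent, child):
    """Report whether `child` is delegated from `parent` with usable glue."""
    parent = parent if parent.endswith(".") else parent + "."
    child = child if child.endswith(".") else child + "."
    problems = []
    if not child.endswith("." + parent):
        problems.append(f"{child} is not below {parent}")
    ns_targets = [r for o, t, r in records if o == child and t == "NS"]
    if not ns_targets:
        problems.append(f"no NS records at {child}: names below it are answered "
                        f"NXDOMAIN from the {parent} zone, nothing is forwarded")
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    for ns in ns_targets:
        if ns.endswith("." + child) and ns not in glue:
            problems.append(f"in-bailiwick name server {ns} has no glue A/AAAA record")
    return {"ns": ns_targets, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for label, text in (("no delegation", ZONE_NO_DELEGATION), ("delegated", ZONE_DELEGATED)):
        result = check_delegation(parse_zone(text, "example.com"), "example.com", "sub.example.com")
        print(label, "->", "OK" if result["ok"] else result["problems"])
```

Run it before reloading named: the first sample reports the missing NS records (exactly the situation in the question), the second passes. Dropping one of the glue A records from the delegated sample makes the check fail again, which is the other common way a delegation breaks: the parent refers to lmzdnsN.sub.example.com but gives the resolver no address for it.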