Adding a Forwarding Zone (Bind 9.9.2)

Charles Tryon charles.tryon at
Wed Dec 5 11:51:03 MST 2012

I am trying to set up the DNS on my Samba4 system to forward requests for a
different zone to another server.  I can create the empty zone, but then
can't figure out how to create a SOA record in the zone.  This is on a
fairly new CentOS base server, running the latest version (9.9.2) of Bind,
with the original tables set up using the Samba3/Samba4 migration process
(as of maybe 6 months ago, back in the Beta releases).  I'm running a
recent version of Samba4 from Git Version (4.1.0pre1-GIT-2ad5620).

The main zone for this domain is  I have another DNS server
(running on a different Win2008R2 AD controller) which is authoritative for
the domain "global.local".  I would like requests which come
into my Bind server referencing the global.local domain to get forwarded to
the other controller.

I'm no DNS wizard so I'm not even sure I have the terminology right, but my
understanding is that the old way to do it would be to add a zone
definition (of type "forward") into the named.conf file, and then supply a
forward to IP.

I've looked through posts in this group, and what I've seen so far is that
you either use the "Windows Way" and use the MS RSA tools and the DNS "Add
Domain" wizard, or you do it on the command line with the samba-tool dns
commands, first creating an empty domain and then adding an "@" record or

The MS DNS tool, running on a Win7 client added to the domain (logged in
with a user in the DnsAdmins group) lets me get up to the point where I
create a "Secondary zone", and then add the IP address for the DNS server.
However, when I enter the IP (and it comes back with the correct FQDN), it
tells me:

      Validation Error, please try later.

If I hit Next, it gives me the error:

      The zone cannot be created.
      This function is not supported on this system.

Does this sound like an incompatibility between the MS tools and the Bind
9.9 tools?  Or, is there something that needs to be changed on the other MS
Windows DNS controller to allow forwarded queries?

Approaching from the command line (where I'm always more comfortable
anyway...), I can create the empty zone with the samba-tool dns zoneadd
command, but I have not yet found any instructions on how to change that
into a secondary zone, or point the SOA.

Ideas?  Pointers to Wikis?

    Charles Tryon
  “Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
                - Ralph D. Winter
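
The named.conf approach described in the message (a zone of type "forward" plus the IP to forward to), as an added example that is not part of the original post. The address 192.0.2.10 is a placeholder assumed for the Win2008R2 controller; the commented-out stanza is shown only for contrast.

```conf
// Added example, not from the original post.
// 192.0.2.10 is a placeholder (documentation range) standing in for
// the server that is authoritative for global.local.

// Weaker variant, left commented out: with "forward first", named
// falls back to ordinary iterative resolution when the forwarder
// does not answer, so queries for internal global.local names can
// be sent to public root servers.
//
// zone "global.local" {
//     type forward;
//     forward first;
//     forwarders { 192.0.2.10; };
// };

// Stricter variant: "forward only" sends queries for this zone to
// the listed forwarder and nowhere else. If the forwarder is down,
// lookups fail instead of leaving the internal network.
zone "global.local" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; };
};
```

Running named-checkconf against the edited file before reloading named catches syntax errors in the new stanza.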

More information about the samba-technical mailing list