Adding a Forwarding Zone (Bind 9.9.2)

Wed Dec 5 22:25:58 MST 2012

On Thu, Dec 6, 2012 at 9:22 AM, Amitay Isaacs <amitay at gmail.com> wrote:

> Hi Charles,
>
> On Thu, Dec 6, 2012 at 5:51 AM, Charles Tryon <charles.tryon at gmail.com>wrote:
>
>> I am trying to set up the DNS on my Samba4 system to forward requests for
>> a
>> different zone to another server.  I can create the empty zone, but then
>> can't figure out how to create a SOA record in the zone.  This is on a
>> fairly new CentOS base server, running the latest version (9.9.2) of Bind,
>> with the original tables set up using the Samba3/Samba4 migration process
>> (as of maybe 6 months ago, back in the Beta releases).  I'm running a
>> recent version of Samba4 from Git Version (4.1.0pre1-GIT-2ad5620)
>>
>> The main zone for this domain is mydomain.com.  I have another DNS server
>> (running on a different Win2008R2 AD controller) which is authoritative
>> for
>> the domain "global.local".  I would like to forward requests which come
>> into my Bind server referencing the global.local domain to get forwarded
>> to
>> the other controller.
>>
>> I'm no DNS wizard so I'm not even sure I have the terminology right, but
>> my
>> understanding is that the old way to do it would be to add a zone
>> definition (of type "forward") into the named.conf file, and then supply a
>> forward to IP.
>>
>
> Yes. That's the easiest option. You can add following entry in your
> named.conf.
>
> zone "global.local" IN {
>     type "forward";
>     forwarders { ip.address.of.dns-server; };
> };
>
> This should tell BIND to forward all the queries for domain global.local
> to ip.address.of.dns-server.
>
>
>> I've looked through posts in this group, and what I've seen so far is that
>> you either use the "Windows Way" and use the MS RSA tools and the DNS "Add
>> Domain" wizard, or you do it on the command line with the samba-tool dns
>> commands, first creating an empty domain and then adding an "@" record or
>> SOA.
>>
>> The MS DNS tool, running on a Win7 client added to the domain (logged in
>> with a user in the DnsAdmins group) lets me get up to the point where I
>> create a "Secondary zone", and then add the IP address for the DNS server.
>>  However, when I enter the IP (and it comes back with the correct FQDN),
>> it
>> tells me:
>>
>>       Validation Error, please try later.
>>
>> If I hit Next, it gives me the error:
>>
>>       The zone cannot be created.
>>       This function is not supported on this system.
>>
>> Does this sound like an incompatibility between the MS tools and the Bind
>> 9.9 tools?  Or, is there something that needs to be changed on the other
>> MS
>> Windows DNS controller to allow forwarded queries?
>>
>>
> I will have to check why this doesn't work. May be it's using some
> additional RPC call which is not implemented. When you try to add secondary
> zone via MS DNS tool, can you check if there is anything in the logs that
> would give indication of why it's not working?
>
>
>> Approaching from the command line (where I'm always more comfortable
>> anyway...), I can create the empty zone with the samba-tool dns zoneadd
>> command, but I have not yet found any instructions on how to change that
>> into a secondary zone, or point the SOA.
>>
>> Ideas?  Pointers to Wikis?
>>
>
> This has been reported by others. The code to add SOA record is currently
> missing and needs to be added. Patches welcome. ;-)
>
>

After looking at the code I found a bug in handling of SOA records. The
fixed code is available in my dns-wip branch if you would like to try it.

When you create a new zone, SOA and NS entries for @ record are filled in
automatically.  With the changes in dns-wip branch now you can update SOA
record using samba-tool dns command.

Git repo: git://git.samba.org/amitay/samba.git
Git web:
https://git.samba.org/?p=amitay/samba.git;a=shortlog;h=refs/heads/dns-wip

Amitay.