
I want to get BIND to answer for the primary domain and then pass queries for the subdomain on to MS DNS. I don't really want to try and get MS AD to use BIND :)

In future, in the back of my mind, DNSSEC and Let's Encrypt/Certbot are probably going to have to be implemented.

But first, I can't get it to work as it stands.

This is where I had got to:

In BIND9:

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

/etc/bind/named.conf.local

acl internals {
    127.0.0.0/8;
    10.8.23.0/24;
    10.2.0.0/24;
};

view "internal" {
    match-clients { internals; };
    allow-recursion { internals; };
    zone "example.uk" {
        type master;
        file "/etc/bind/internals/db.example.uk";
        allow-transfer { 10.8.23.74; };
        also-notify { 10.8.23.74; };
    };
};

/etc/bind/internals/db.example.uk

$ORIGIN uk.
$TTL    604800
example       IN      SOA     ns1.example.uk. hostmaster.example.uk. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
$ORIGIN example.uk.
              IN      NS      ns1.example.uk.
              IN      NS      ns2.example.uk.
ns1           IN       A      10.8.23.73
ns2           IN       A      10.8.23.74
mail          IN       A      10.8.23.80
$ORIGIN sub.example.uk.
              IN      NS      10.8.23.15

/etc/bind/named.conf.options

options {
        dnssec-validation auto;
        listen-on-v6 { none; };
        allow-query { any; };
};

dig @10.8.23.73 ns1.example.com returns 10.8.23.73

dig @10.8.23.15 ns1.sub.example.uk returns 10.8.23.15 (as that is set in MS DNS)

But dig @10.8.23.73 ns1.sub.example.uk returns 0 answers.

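The delegation in the zone above trips over two master-file rules: NS RDATA is a domain name, so a bare `10.8.23.15` without a trailing dot is read as the relative name `10.8.23.15.sub.example.uk.`, and a blank owner repeats the owner of the previous record (here `mail`), not the current `$ORIGIN`. The script below is an added example, not code from the post: a small zone-file parser with a delegation lint that flags those two mistakes, plus a corrected zone (constructed, with `sub IN NS ns1.sub.example.uk.` and a glue A record) that passes. The `ZONE_AS_POSTED` sample mirrors the post with the SOA typo fixed.

```python
import ipaddress

Record = tuple[str, str, str]  # (owner, rtype, rdata); names absolute, trailing dot

# Constructed sample: the zone essentially as posted.
ZONE_AS_POSTED = """\
$ORIGIN uk.
$TTL 604800
example IN SOA ns1.example.uk. hostmaster.example.uk. (
        3 604800 86400 2419200 604800 )
$ORIGIN example.uk.
        IN NS ns1.example.uk.
        IN NS ns2.example.uk.
ns1     IN A  10.8.23.73
ns2     IN A  10.8.23.74
mail    IN A  10.8.23.80
$ORIGIN sub.example.uk.
        IN NS 10.8.23.15
"""

# Constructed sample: delegation to the MS DNS host, with an explicit owner,
# a host name in the NS record and the glue A record BIND needs for the referral.
ZONE_FIXED = """\
$ORIGIN uk.
$TTL 604800
example IN SOA ns1.example.uk. hostmaster.example.uk. (
        4 604800 86400 2419200 604800 )   ; serial bumped for the secondary
$ORIGIN example.uk.
@       IN NS ns1.example.uk.
@       IN NS ns2.example.uk.
ns1     IN A  10.8.23.73
ns2     IN A  10.8.23.74
mail    IN A  10.8.23.80
sub     IN NS ns1.sub.example.uk.
ns1.sub IN A  10.8.23.15
"""


def _absolute(name: str, origin: str) -> str:
    """Make a relative name absolute under origin ('@' is the origin itself)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _looks_like_ipv4(name: str) -> bool:
    """True when the leading labels form a dotted quad: an address was written
    where the master-file format requires a host name."""
    labels = name.rstrip(".").split(".")
    try:
        ipaddress.IPv4Address(".".join(labels[:4]))
    except ValueError:
        return False
    return len(labels) >= 4


def parse_zone(text: str, origin: str = ".") -> list[Record]:
    """Minimal master-file parser: $ORIGIN, $TTL, ';' comments, parenthesised
    multi-line RDATA and blank owners (which repeat the previous owner)."""
    records: list[Record] = []
    last_owner = None
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf += line + "\n"
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside ( ... ), e.g. the SOA timers
        logical, buf = buf, ""
        blank_owner = logical[0].isspace()
        tokens = logical.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if blank_owner:
            if last_owner is None:
                raise ValueError("blank owner before any record")
            owner = last_owner
        else:
            owner = _absolute(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():                      # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if rtype == "NS":
            rdata = _absolute(rdata, origin)  # NS RDATA is a name, so it is origin-relative
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records


def lint_delegations(records: list[Record]) -> list[str]:
    """Report NS records below the apex that cannot produce a usable referral."""
    apex = next(owner for owner, rtype, _ in records if rtype == "SOA")
    address_owners = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    problems: list[str] = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == apex:
            continue  # apex NS records are the zone's own servers, not delegations
        if _looks_like_ipv4(rdata):
            problems.append(f"{owner} NS {rdata}: NS RDATA must be a host name, "
                            "an address is read as a relative name under $ORIGIN")
        elif rdata.endswith("." + apex) and rdata not in address_owners:
            problems.append(f"{owner} NS {rdata}: in-zone name server needs a glue A/AAAA record")
        if owner in address_owners:
            problems.append(f"{owner}: address records at a delegation point are occluded by the NS")
    return problems


if __name__ == "__main__":
    for label, zone in (("as posted", ZONE_AS_POSTED), ("fixed", ZONE_FIXED)):
        print(f"== {label} ==")
        for problem in lint_delegations(parse_zone(zone)) or ["no delegation problems"]:
            print(" ", problem)
```

Run against the posted zone it reports the NS record attached to `mail.example.uk.` with the target `10.8.23.15.sub.example.uk.`, which is why the referral carries no address and dig gets no answer. BIND's own `named-checkzone example.uk /etc/bind/internals/db.example.uk` is the tool to run on the real file after editing, and the serial must be bumped so the secondary at 10.8.23.74 transfers the change. If the goal is purely to hand `sub.example.uk` queries to MS DNS rather than to publish a delegation, a `zone "sub.example.uk" { type forward; forwarders { 10.8.23.15; }; };` entry inside the same view is the alternative BIND offers.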