
NIOS DNS DHCP IPAM


Forward subzone inside Authoritative zone


Dears,

Within our default internal DNS view, I created a forward subzone (fe: sub.domain.com) inside an authoritative zone (fe: domain.com).

This does not seem to work as expected. 

When trying to resolve xyz.sub.domain.com, nothing gets forwarded and I'm getting a "Non-existent domain" response. 
Forwarders are set to working public DNS servers. Firewalls are open.

Forwarding members are set as our internal DNS grid members. 

Is this setup supposed to work?
Thanks!
Kind regards, 
Lode (Belgium)

Re: Forward subzone inside Authoritative zone


Hello,

When your query for xyz.sub.domain.com is processed by named, it finds that there's an authoritative domain for domain.com & will try to resolve the query authoritatively. In the absence of something like an NS record for sub.domain.com within the zone database for domain.com, it doesn't know that it should be sending that query to your conditional forwarder - so NXDOMAIN is reasonable. While I do not know what NIOS version your system is running on, can you edit the conditional forwarder for "sub.domain.com" -> Go to "Forwarders" -> Below your forwarder IP address(es), you might see 2 options:

1) An option which says "Disable auto-generation of NS records in parent authoritative zone". This specific option has to be "Unchecked" (if not already). The expectation is, when you uncheck that option, you should see an NS record for "sub" within domain.com's "Records" list (make sure that you can see it when you go to domain.com's records).

2) Ensure that you enable "Forwarders only".

Clear the cache (either fully or for the respective domains) & start a packet capture on your server which receives the query & is expected to contact your forwarder to resolve xyz.sub.domain.com. You should see the query for xyz.sub.domain.com going to the forwarder configured.

 

Best regards,
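
An added example, not part of the original thread: a small Python parser that reads a raw DNS response (for instance one taken from the packet capture mentioned above) and reports whether an NXDOMAIN was produced from the server's own zone data, that is, with the AA flag set and the parent zone's SOA in the authority section, which is the symptom described in the question. The message bytes are constructed for illustration, and `read_name`, `diagnose` and `SAMPLE` are names chosen here.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                        # root label ends the name
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def diagnose(msg):
    """Summarise a DNS response: was the NXDOMAIN generated from local zone data?"""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    off, qname, soa_zone = 12, None, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                               # skip QTYPE and QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen                      # skip the record data
        if i >= an and rtype == 6:             # SOA in the authority section
            soa_zone = owner
    # NXDOMAIN (rcode 3) with AA set: the server answered from its own zone
    # and did not hand the query to a forwarder.
    return {"qname": qname, "rcode": rcode, "aa": aa, "soa_zone": soa_zone,
            "answered_locally": rcode == 3 and aa}

# Constructed sample: authoritative NXDOMAIN for xyz.sub.domain.com carrying
# the SOA of domain.com (flags 0x8583 = QR, AA, RD, RA, rcode 3).
SAMPLE = (struct.pack("!6H", 0x1234, 0x8583, 1, 0, 1, 0)
          + b"\x03xyz\x03sub\x06domain\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x14" + struct.pack("!HHIH", 6, 1, 900, 33)
          + b"\x02ns\xc0\x14" + b"\x05admin\xc0\x14"
          + struct.pack("!5I", 1, 3600, 600, 86400, 900))

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

If `answered_locally` is true and `soa_zone` is the parent zone, the query never left the server.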

 
