10-27-2022 02:55 AM
Within our default internal DNS view, I created a forward subzone (fe: sub.domain.com) inside an authoritative zone (fe: domain.com).
This does not seem to work as expected.
When trying to resolve xyz.sub.domain.com, nothing gets forwarded and I'm getting a "Non-existent domain" response.
Forwarders are set to working public DNS servers. Firewalls are open.
Forwarding members are set as our internal DNS grid members.
Is this setup supposed to work?
10-27-2022 03:16 PM - edited 06-27-2023 01:15 PM
When your query for xyz.sub.domain.com is processed by named, it finds that there's an authoritative domain for domain.com & will try to resolve the query authoritatively. In the absence of something like an NS record for sub.domain.com within the zone database for domain.com, it doesn't know that it should be sending that query to your conditional forwarder - so NXDOMAIN is reasonable. While I do not know what NIOS version your system is running on, can you edit the conditional forwarder for "sub.domain.com" -> go to "Forwarders" -> below your forwarder IP address(es), you might see 2 options:
1) An option which says "Disable auto-generation of NS records in parent authoritative zone". This specific option has to be "Unchecked" (if not already). The expectation is, when you uncheck that option, you should see an NS record for "sub" within domain.com's "Records" list (make sure that you can see it when you go to domain.com's records).
2) Ensure that you Enable "Forwarders only".
Clear the cache (either fully or for the respective domains) & start a packet capture on your server which receives the query & is expected to contact your forwarder to resolve xyz.sub.domain.com. You should see the query for xyz.sub.domain.com going to the forwarder configured.
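To make the behaviour described in this answer concrete, here is a small added Python model (written for this page, not code from the thread or from Infoblox) of how an authoritative server walks its zone data for a query: the same query for xyz.sub.domain.com gets NXDOMAIN when the parent zone has no NS record for "sub", and a referral to the forwarder once that NS record exists. The zone contents, the address 192.0.2.10 and the name forwarder.internal are constructed assumptions.

```python
# Added example: miniature model of authoritative lookup (RFC 1034 section 4.3.2).
# All zone data below is constructed for illustration only.
from typing import Dict, List, Tuple

Zone = Dict[str, Dict[str, List[str]]]   # owner name -> rrtype -> rdata list


def lookup(zones: Dict[str, Zone], qname: str, qtype: str = "A") -> Tuple[str, list]:
    """Return (outcome, data): 'answer', 'referral', 'NXDOMAIN' or 'REFUSED'."""
    labels = qname.rstrip(".").split(".")
    # 1. Closest enclosing zone: the longest suffix of qname that is a zone apex.
    apex = next((".".join(labels[i:]) for i in range(len(labels))
                 if ".".join(labels[i:]) in zones), None)
    if apex is None:
        return "REFUSED", []            # not authoritative for anything above qname
    zone = zones[apex]
    # 2. Walk from just below the apex down toward qname. An NS RRset at any
    #    name below the apex is a zone cut: the server stops here and refers
    #    (or, with a NIOS conditional forwarder, forwards) instead of answering.
    depth = len(apex.split("."))
    for i in range(len(labels) - depth - 1, -1, -1):
        name = ".".join(labels[i:])
        if "NS" in zone.get(name, {}):
            return "referral", zone[name]["NS"]
    # 3. No cut found: the zone itself is the final authority for qname.
    rrset = zone.get(qname.rstrip("."), {})
    if not rrset:
        return "NXDOMAIN", []           # name does not exist in the zone
    return "answer", rrset.get(qtype, [])


# Constructed parent zone without any delegation for "sub".
WITHOUT_DELEGATION: Zone = {
    "domain.com": {"SOA": ["ns1.domain.com. hostmaster.domain.com. 1 3600 600 86400 300"],
                   "NS": ["ns1.domain.com."]},
    "www.domain.com": {"A": ["192.0.2.10"]},
}
# Same zone plus the NS record NIOS auto-generates in the parent when
# "Disable auto-generation of NS records in parent authoritative zone" is unchecked.
WITH_DELEGATION: Zone = {
    **WITHOUT_DELEGATION,
    "sub.domain.com": {"NS": ["forwarder.internal."]},   # assumed forwarder name
}


def resolve_on_grid_member(has_ns_record: bool) -> str:
    """Outcome of querying xyz.sub.domain.com against a member authoritative for domain.com."""
    zones = {"domain.com": WITH_DELEGATION if has_ns_record else WITHOUT_DELEGATION}
    return lookup(zones, "xyz.sub.domain.com")[0]
```

Running the two cases side by side reproduces the poster's symptom (NXDOMAIN) and the fix (referral), which is exactly what the packet capture should show moving toward the forwarder.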