 

How to forward a subzone

I'm using Bind9 as the DNS server for my office.

We have a zone: example.com. which has to be resolved from our DNS server as authoritative.

On the other hand, we have a sub.example.com. zone, which has to be forwarded to another DNS server.

Bind answers properly when we query for any record at the example.com. zone. But it fails for queries about sub.example.com. as it doesn't do the forwarding. It keeps on looking for the answer locally.

This is the named.conf file:

zone "sub.example.com" IN {
        type forward;
        forwarders {172.21.238.229;172.21.238.230;};
        forward only;
};


zone "example.com" {
        type master;
        forwarders {};
        file "/etc/named/example.com.db";
};

This is the example.com.db file content:

$ORIGIN example.com.
$TTL 1W
@   IN  SOA     dnsldes.example.com. postmaster.example.com. (
                               6            ; serial number
                               3600         ; refresh   [1h]
                               600          ; retry     [10m]
                               86400        ; expire    [1d]
                               3600 )       ; min TTL   [1h]
;


      IN     NS      dnsldes.example.com.

bdred           IN      A       172.22.2.150
dnsldes IN      A       172.21.229.159

This is the output for the bdred.example.com query using the dig client (which is OK):

; <<>> DiG 9.8.1-P1 <<>> bdred.sub.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9764
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bdred.sub.example.com.         IN      A

;; AUTHORITY SECTION:
example.com.            3600    IN      SOA     dnsldes.example.com. postmaster.example.com. 6 3600 600 86400 3600

;; Query time: 4 msec
;; SERVER: 172.21.229.159#53(172.21.229.159)
;; WHEN: Mon Mar 11 12:55:02 2013
;; MSG SIZE  rcvd: 94

And this is the answer for the dig query, which is not working properly:

; <<>> DiG 9.8.1-P1 <<>> bdred.sub.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26555
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bdred.sub.example.com.         IN      A

;; AUTHORITY SECTION:
example.com.            3600    IN      SOA     dnsldes.example.com. postmaster.example.com. 6 3600 600 86400 3600

;; Query time: 4 msec
;; SERVER: 172.21.229.159#53(172.21.229.159)
;; WHEN: Mon Mar 11 13:09:07 2013
;; MSG SIZE  rcvd: 94

Please, what are we doing wrong?

El RatÓn asked Mar 11 '13 12:03


2 Answers

The solution is not to create a zone in the named.conf. The solution is to use zone delegation as follows:

$ORIGIN example.com.
$TTL 1W
@   IN  SOA     dnsldes.example.com.  postmaster.example.com. (
                               6            ; serial number
                               3600         ; refresh   [1h]
                               600          ; retry     [10m]
                               86400        ; expire    [1d]
                               3600 )       ; min TTL   [1h]
;


      IN     NS      dnsldes.example.com.


dnsldes IN  A   XXX.XXX.XXX.XXX
bahamas IN  CNAME   bdred



; Delegations and Glue
$ORIGIN sub.example.com.
@       IN      NS      lmzdns1.sub.example.com.
        IN      NS      lmzdns2.sub.example.com.

lmzdns1 IN      A       XXX.XXX.XXX.XXX
lmzdns2 IN      A       XXX.XXX.XXX.XXX
El RatÓn answered Nov 09 '22 18:11


This is a subdomain delegation problem:

Add NS records to your zone’s data file delegating the subdomain to the name server.

Example:

Domain: one.domain
Subdomain: sub.one.domain

I need to resolve sub.one.domain only with the google public dns.

To delegate the sub.one.domain to the name server externalns.one.domain, you can add this NS record to the one.domain zone data file:

sub.one.domain.    IN    NS    externalns.one.domain.

You’ll also need to add an A record for externalns.one.domain:

externalns.one.domain.    IN    A    8.8.8.8
Antonio Cosenza answered Nov 09 '22 17:11
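As an added example (not code from either answer), the Python script below parses a zone file in the form both answers use and audits each delegation for the record that most often goes missing: every NS record owned by a name below the apex is a delegation, and whenever the listed name server's own name falls under this zone (inside the delegated subzone, as in the first answer, or elsewhere in the parent, as in the second), the parent file must also carry its A record, otherwise resolvers have no address to send the subzone queries to and the delegation is lame. The zone texts, host names and addresses embedded in it are constructed placeholders, not values from the original post.

```python
"""Audit subzone delegations in a BIND-style zone file for missing glue.

Added example, not part of the original question or answers. The two zone
texts below are constructed; names and RFC 5737 addresses are placeholders.
"""
import re
from collections import defaultdict

# Constructed after the first answer. Glue for lmzdns2 is deliberately left
# out so the audit has something to report.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 1W
@   IN  SOA     dnsldes.example.com.  postmaster.example.com. (
                               6            ; serial number
                               3600         ; refresh   [1h]
                               600          ; retry     [10m]
                               86400        ; expire    [1d]
                               3600 )       ; min TTL   [1h]
      IN     NS      dnsldes.example.com.
dnsldes IN  A   192.0.2.10
bahamas IN  CNAME   bdred
; Delegations and Glue
$ORIGIN sub.example.com.
@       IN      NS      lmzdns1.sub.example.com.
        IN      NS      lmzdns2.sub.example.com.
lmzdns1 IN      A       192.0.2.21
"""

# Constructed after the second answer: the subzone's name server lives in the
# parent zone, so its A record is ordinary parent data and must be present.
SAMPLE_ZONE_2 = """\
$ORIGIN one.domain.
$TTL 1h
@   IN SOA ns1.one.domain. hostmaster.one.domain. ( 1 3600 600 86400 3600 )
    IN NS ns1.one.domain.
ns1 IN A 192.0.2.1
sub.one.domain.    IN    NS    externalns.one.domain.
externalns.one.domain.    IN    A    192.0.2.53
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.I)


def _records(lines):
    """Yield logical records: ';' comments removed, '( ... )' continuations joined."""
    buf, depth = [], 0
    for raw in lines:
        text = raw.split(";", 1)[0]
        depth += text.count("(") - text.count(")")
        buf.append(text)
        if depth <= 0:
            joined = " ".join(buf)  # buf[0] keeps its leading whitespace (blank owner)
            buf, depth = [], 0
            if joined.strip():
                yield joined


def _fqdn(name, origin):
    """Make a zone-file name absolute and lowercase ('@' is the current origin)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    if not origin:
        raise ValueError(f"relative name {name!r} before any $ORIGIN")
    return f"{name}.{origin}".lower()


def parse_zone(text):
    """Return [(owner, type, rdata_tokens)] with owners and NS/CNAME targets absolute."""
    origin, last_owner, records = "", None, []
    for rec in _records(text.splitlines()):
        tokens = rec.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
            continue  # $TTL and other directives do not affect this audit
        if rec[0].isspace():
            owner = last_owner  # blank owner field inherits the previous owner
        else:
            owner = _fqdn(tokens.pop(0), origin)
        if owner is None:
            raise ValueError(f"record without owner: {rec!r}")
        last_owner = owner
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # optional TTL and class precede the record type
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [_fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def audit_delegations(records):
    """Return {subzone: {"ns": [targets], "missing_glue": [targets]}}.

    The apex is the SOA owner; any NS record owned by a name below the apex is a
    delegation. A listed name server whose name falls under the apex must have an
    address record in this same file, or resolvers cannot reach the subzone.
    """
    apex = next(owner for owner, rtype, _ in records if rtype == "SOA")
    addresses = defaultdict(list)
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addresses[owner].append(rdata[0])
    report = {}
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == apex:
            continue
        target = rdata[0]
        entry = report.setdefault(owner, {"ns": [], "missing_glue": []})
        entry["ns"].append(target)
        if target.endswith("." + apex) and target not in addresses:
            entry["missing_glue"].append(target)
    return report


if __name__ == "__main__":
    for zone in (SAMPLE_ZONE, SAMPLE_ZONE_2):
        for sub, info in audit_delegations(parse_zone(zone)).items():
            status = "OK" if not info["missing_glue"] else f"missing glue: {info['missing_glue']}"
            print(f"{sub} delegated to {info['ns']} -> {status}")
```

Run it against your real zone file by passing `open(path).read()` to `parse_zone`; the parser handles `$ORIGIN`, blank-owner continuation lines and multi-line SOA records, which is exactly the layout the answers rely on. The check is deliberately stricter than the minimum glue rule: it flags any in-zone name server name without an address record, because a parent that is authoritative for that name and has no A record for it will answer NXDOMAIN for the name server itself.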