For testing on my home network, I wanted to run a Windows domain so I could play with items such as VMware, Backup Exec, and general AD items.
So I split out my network into a new range and installed 2 servers. I set up one as a File Store and Domain Controller; the other is the VMware box and the Backup Exec box.
Now that it is all set up and working, I wanted to be able to address servers by name from within the general network. I could have done this by changing my DNS to the Windows Server and having the Windows server do the forwarding, but I wanted to keep BIND as the primary DNS server in my network.
So to keep BIND and all of the zones I had in BIND, as well as be able to talk to the new domain, I needed to set up BIND to forward all requests for that domain on to the Windows Server.
Here are the steps I followed.
On the BIND server, edit the named.conf.local file to add the zones:
    sudo vi /etc/bind/named.conf.local

    ##Add the following to the file.
    zone "world.local" in {
        type forward;
        forward only;
        forwarders { 192.168.38.254; };
    };
    zone "38.168.192.in-addr.arpa" {
        type forward;
        forward only;
        forwarders { 192.168.38.254; };
    };
As you can see, for my new domain (world.local) I am forwarding both forward and reverse lookups to the Windows server.
The next thing I needed to do was to turn off DNSSEC validation so that BIND will return results from the Windows server.
    sudo vi /etc/bind/named.conf.options

    ##Comment out or remove this line
    dnssec-validation auto;
Then restart BIND
    user@dnshost:~$ sudo service bind9 restart
     * Stopping domain name service... bind9
    waiting for pid 16105 to die                        [ OK ]
     * Starting domain name service... bind9            [ OK ]
The last thing to do is to test it all. (Like a good IT administrator.)
    ##Test DNS Resolution
    user@dnshost:~$ ping australia.world.local
    PING australia.world.local (192.168.38.10) 56(84) bytes of data.
    64 bytes from australia.world.local (192.168.38.10): icmp_seq=1 ttl=127 time=0.611 ms
    64 bytes from australia.world.local (192.168.38.10): icmp_seq=2 ttl=127 time=0.379 ms
    64 bytes from australia.world.local (192.168.38.10): icmp_seq=3 ttl=127 time=0.394 ms
    64 bytes from australia.world.local (192.168.38.10): icmp_seq=4 ttl=127 time=0.401 ms

    ##Test Reverse lookup
    user@dnshost:~$ nslookup
    > 192.168.38.10
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Non-authoritative answer:
    10.38.168.192.in-addr.arpa      name = australia.world.local.

    Authoritative answers can be found from:
    38.168.192.IN-ADDR.ARPA nameserver = .
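The DNSSEC step above turns validation off for every name this server resolves, not only world.local. As an added example (not part of the original post), a narrower configuration keeps validation on and exempts only the forwarded zone; it assumes a BIND release that supports the validate-except option (9.14 or later).

```conf
// /etc/bind/named.conf.options
// Added example, not the author's configuration. Other options in the
// existing options { } block stay as they are.
options {
    // Broad approach from the step above: with this line commented out,
    // answers for Internet names are no longer validated either.
    // dnssec-validation auto;

    // Narrow approach: keep validating everything resolved from the
    // Internet against the built-in root trust anchor.
    dnssec-validation auto;

    // The signed root zone has no delegation for "local", so a validating
    // resolver rejects the Windows server's answers under world.local.
    // Exempt only that zone. If the logs show validation failures for the
    // reverse zone as well, add "38.168.192.in-addr.arpa" to this list.
    validate-except { "world.local"; };
};
```

Run named-checkconf after editing and before restarting BIND so a syntax error does not take the resolver down.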