Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Stumped - Need help mixing Linux DNS server and AD DNS server

Posted on 2006-11-14
Medium Priority
Last Modified: 2010-03-17
Using current version of BIND and Win2K3 AD with DNS.

Question: Is there more to delegating than just adding the 6 subzone records?

We are setting up AD using Win2K3.  We have an existing Linux DNS server.  We will delegate

all DDNS for SRV records from the Linux DNS server to the Win2K3 DNS server.

According to various sources all we need to do is create the delelgation records on the

Linux server.

These are the records we have entered into the Linux DNS server. IN                NS IN                NS IN                  NS IN                  NS IN        NS IN        NS

In addition, the Linux DNS server will have the A and PTR records which point to

According to the various sources, we can test this first step by performing the following on

 any host.


>set type=ns

The response back should be something like


But instead we are gettting the response back
*** can't find Non-existent domain

Same results when using the other sub-domains.

Question repeated: Is there more to delegating than just adding the above records?

We understand that by the time this project is complete we will have created these new zones

on the Win2K3 server but is it reasonable to assume this first step can be tested as shown

before the zones are installed.

Is the underscore in the sub-domain creating a problem in BIND?

Question by:dalva
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 40

Assisted Solution

noci earned 300 total points
ID: 17945309
originaly the _ was allowed (Bind 4) but is was by mistake,
according to RFC's it's forbidden..., MS used it, so it's back....

Yes, _ can cause trouble.

the check-names setting can be an issue here..
(either global or per zone).

Also for tracing DNS queries use dig.
It's more versatile than nslookup (which also uses
the /etc/hosts file if needed).

'dig -x for reverse' lookup
'dig -t ns' to get the ns records on

LVL 26

Expert Comment

ID: 17946289
You're in a good position to save yourself some big headaches later down the road. I'm sure some people won't agree with me, but I think you should use a subdomain for your AD domain name. Meaning instead of AD domain being "" it would be "", "" or something at the third level.

This will allow you to completely delegate all aspects of the dns to the domain controllers (  IN NS This will eliminate possible _ problems with bind and will also enable to you separate your network. Think about your website, you'll have AND (for the lazy people). might point to your linux webserver, but if you make your AD domain, will point to your domain controllers instead of your other webserver. Even if this is just internal to your lan, it will still get annoying.

Just my $0.02
LVL 40

Expert Comment

ID: 17947365
I do agree with jar3817 about adding subdomains.
Use Filtering Commands to Process Files in Linux

Learn how to manipulate data with the help of various filtering commands such as `cat`, `fmt`, `pr`, and others in Linux.


Author Comment

ID: 17948618
Thanks for the tips but I'm still not clear on the actual steps to delegate a sub zone.  With respect to the original Linux DNS server, is it just adding the NS records as I did or do I need to also add zone records in the .conf file?
LVL 26

Accepted Solution

jar3817 earned 300 total points
ID: 17948705
All you need to do to delegate a zone to another nameserver is to create the NS record for it:   IN    NS

But you'll need to make sure that is setup for the zone. I'm not entirely sure, but I would think you need to allow recursive lookups on the linux server to resolve names delegated to other servers. You can include a "recursion yes;" in the view that the internal clients use, or if you only have internal clients, you can stick that in the options section.

Author Comment

ID: 18286744
I've been off this project and just got back on it this week.  I'm not completely done with the setup but it appears I am making some headway using the above suggestions.

When I get it working as I want, I will post the detailed method.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question