Replacing Windows DNS with BIND 9 on SBS 2008

Posted on 2012-03-13
Medium Priority
Last Modified: 2012-03-18
Scenario. I have a Windows SBS 2008 server running at home. I have OpenDNS set up, but I only want my kids to be filtered through OpenDNS, so I'm looking into BIND 9, which I have downloaded and set up on my laptop to test.

I successfully have "views" configured using "match-clients", and it works well - with ONE exception. Obviously, SBS has a coulpe of DNS zones for the domain - domain.local and remote.domain.com

For some reason, I can't seem to get BIND working for remote.domain.com

When I ping remote.domain.com I just get a "Ping request could not find host remote.domain.com" message.

I've got two zones listed under each view "domain.local" and "remote.domain.com" - both loading their respective files.

What am I missing?
Question by:Chris Millard
  • 4
  • 2
LVL 26

Expert Comment

by:Leon Fester
ID: 37716747
You can easily split the DNS configuration for your kids to use OpenDNS and you to use your other DNS servers.....

Setup your DHCP server to publish the OpenDNS servers, so when the kids switch on their PC's they get DHCP with the OpenDNS servers.

Configure your own PC/Laptop/whatever with static DNS entries for your other DNS server that you want to use.

Otherwise, I'm not too familiar with BIND, but check if you can configure conditional forwarders to your SBS box for the remote.domain.local zone.
LVL 17

Author Comment

by:Chris Millard
ID: 37716764
The one thing I wanted to avoid was static entries for DNS. I've got laptops, ipad, phones etc., and I would prefer the BIND DNS option.

I've already got the split working - it's just the remote.domain.com that I can't seem to get at the moment...
LVL 26

Expert Comment

by:Leon Fester
ID: 37716823
Now I'm totally confused....
You have OpenDNS setup and it works.
You only want your kids to use that DNS Server.

So what will you be using for your other devices?
Where are you wanting to use BIND?
How will you get "kid" devices use OpenDNS and "dad" devices use ... whatever solution you want?

The other option is the reverse of my earlier proposal, set the KIDS devices to use statics and DHCP the other options for yourself. Although this suggestion is based on the assumption that the kids only have desktop PC or laptops that don't leave the house.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

LVL 17

Author Comment

by:Chris Millard
ID: 37716896
OK - The built-in DNS on my SBS server, forwards all requests to OpenDNS - for ALL client IPs on my network.

By using "Views" in BIND, I can set forwarders for a pre-defined block of client IPs through my ISPs DNS, and anything NOT on that pre-defind list, through OpenDNS. That way my Wife and I can have unrestricted internet usage and all other devices have filtered internet.

The kids have mobile phones with Wi-Fi, and as I mentioned, I don't want to set up ANY static IPs on any device on my network.

BIND also integrates with Active Directory, so once I've got this working 100% on my test machine (I'm running BIND on my laptop at the moment), then I'll replace the Microsoft DNS with BIND because it's more configurable.

I have everything working except for this extra zone for the SBS "remote.domain.com" zone.
LVL 17

Accepted Solution

Chris Millard earned 0 total points
ID: 37717450
OK - I've got this sorted 100% now.  Although it should have been allowed, I've had to replace the @ symbol at the SOA record for the zone domain name remote.domain.com
LVL 17

Author Closing Comment

by:Chris Millard
ID: 37734443
I found my own solution to the problem

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Let us take a look at the scenario, you have a database that is corrupt and you run the ESEUTIL command only to find you are unable to repair it. How do you now get the data back?
Disk errors can be the source of sundry problems for the Exchange server, the most common one being that the database fails to mount.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question