Delegating to Active Directory sub-domain from existing BIND/NAMED domain

Posted on 2014-08-17
Last Modified: 2014-09-28
We currently have BIND running our top level domain (eg  Previously we had our old AD forest sitting on the same TLD that was causing big issues with external namespace.  Now, I am building a new AD forest and want to put this at

In our BIND domain I have added NS records pointing to our AD DNS servers (see below), but I still cannot get our DNS to resolve or

From our BIND domain file:
ad   NS
ad   NS

Suggestions?
Question by:RescueIT

    Accepted Solution

    I'm not well-versed in BIND at all, but this appears to be a pretty good explanation of delegating a subdomain. The Domain Name-Server Zone Files section will be the most (possibly only) relevant one, since the subdomain's name servers aren't running BIND.

    There's apparently more than one way to specify a delegation in BIND, but it looks like you'll need the following at a minimum in the parent zone file:

    NS records for all of the subdomain's DNS servers. These records should refer to the FQDNs of those DNS servers, not their IP addresses.
    Glue records for the subdomain's DNS servers. These will be host (A) records which map their FQDNs to IP addresses.

    It should look something like this...I think:

          IN    NS
          IN    NS
          IN    A
          IN    A


    Obviously you'll substitute the actual names and IP addresses of the subdomain's DNS servers.

    Expert Comment

    by:Chris Dent
    DrDave242 is right :)

    It just needs the delegation as shown in the text box, including glue if the name servers are within the domain you're delegating.

    Other than highlighting that short-hand is entirely permissible ( is just ad, and is there's nothing I can add to that.

    You can disregard the modifications to the conf file described in the link. Those are only relevant if the new zone is also on a BIND box (as DrDave242 thought).
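
The checks described in the accepted answer and the comment above (NS records that name hosts rather than IP addresses, glue for name servers inside the delegated subdomain, BIND short-hand names), as an added example that is not part of the original thread. The parent zone `example.com.`, the host names and the 192.0.2.x addresses are constructed placeholders, and the parser assumes simple one-record-per-line zone text.

```python
import ipaddress

ORIGIN = "example.com."   # assumed parent zone (placeholder)
# Constructed parent-zone snippet; hosts and addresses are placeholders.
ZONE = """\
ad       IN NS  dc1.ad.example.com.
ad       IN NS  dc2.ad             ; short-hand, relative to ORIGIN
ad       IN NS  192.0.2.12         ; wrong: NS must name a host
dc1.ad   IN A   192.0.2.10         ; glue for dc1
"""

def fqdn(name, origin=ORIGIN):
    """Expand BIND short-hand: a name without a trailing dot is relative to the origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse(zone_text):
    """Yield (owner, type, rdata) from simple one-record-per-line zone text."""
    owner = None
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()    # drop comments, tokenize
        if not fields:
            continue
        if not line[0].isspace():                 # leading blank reuses previous owner
            owner = fqdn(fields.pop(0))
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        yield owner, fields[0].upper(), fields[1]

def check_delegation(zone_text, child):
    """Return a list of problems with the delegation of `child` in the parent zone."""
    child = fqdn(child)
    records = list(parse(zone_text))
    glue = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    targets = [rdata for owner, rtype, rdata in records if owner == child and rtype == "NS"]
    problems = [] if targets else [f"no NS records for {child}"]
    for target in targets:
        if is_ip(target):
            problems.append(f"NS target {target} is an IP address, not a host name")
        elif fqdn(target).endswith("." + child) and fqdn(target) not in glue:
            problems.append(f"missing glue record for {fqdn(target)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_delegation(ZONE, "ad")))
```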


