Let's say I control the example.com zone but not the abc.example.com. "abc.example.com" is controlled by another admin so I need to forward any requests for that subdomain to his BIND server.
example.com is running on Win2k3 while abc.example.com is running on BIND.
Create an NS record in the example.com zone for the name abc, pointing to the BIND server.

Your Win2K3 server is authoritative for the example.com zone, so when a request comes in for something in abc.example.com, it's going to see that it is an authority, look to its zone records, probably not find a match, and return NXDOMAIN to the client.

You need to first make your authoritative domain understand that it is not authoritative for the abc.example.com subdomain/zone. To do that, in the example.com domain, add a New Delegation for abc (.example.com will be appended automatically). You will be required to enter a FQDN for the abc.example.com name server(s) and one or more IP addresses if the FQDN doesn't automatically resolve. The UI will complain if the DNS servers you point to are not authoritative for the zone, but you can proceed anyway (i.e. one or more are slaves).

The delegation will create the NS records for the abc.example.com zone in the parent example.com zone automatically, as well as any needed "glue" A (or AAAA) records to point to the child zone's DNS servers. This is sufficient for other recursive DNS resolvers to find the abc.example.com DNS servers. However, workstation clients using your Win2K3 server as their resolver won't follow the glue records; they need your server to do the recursion for them. But your server doesn't know to do the recursion yet.

Windows Server 2003 introduced a feature called Conditional Forwarding. This allows you to specify the specific DNS servers that your server should use to handle requests for specific zones. In your case, you would also add a conditional forwarder for abc.example.com and point it to the same IP(s) of that zone's name server(s). Without this step, workstation clients will receive NXDOMAIN answers. If you don't do the delegation step first, attempting to create a conditional forwarder may fail since the server is authoritative for the parent zone and would also be authoritative for the child zone without the delegation in place.
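A check for the two parent-zone responses the answer above distinguishes: an authoritative NXDOMAIN when no delegation exists, and a referral carrying NS records once it does. This is an added example, not part of the original thread; both sample messages are constructed, and ns.example.com, hostmaster.example.com and ns1.abc.example.com are assumed names.

```python
import struct

NS, SOA = 2, 6  # RR type codes (RFC 1035)

def enc_name(name):
    """Encode a domain name as uncompressed wire-format labels."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # pointer: two bytes, and the name ends here
            return off + 2
        if n == 0:             # root label
            return off + 1
        off += 1 + n

def classify(msg):
    """Classify a response from the parent zone's server to a non-recursive query."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    off = 12
    for _ in range(qd):                      # question: name + type + class
        off = skip_name(msg, off) + 4
    rtypes = []
    for _ in range(an + ns):                 # answer records, then authority records
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rtypes.append(rtype)
        off += 10 + rdlen
    authority = rtypes[an:]
    if rcode == 3:
        return "authoritative NXDOMAIN" if aa else "NXDOMAIN"
    if rcode == 0 and an == 0 and not aa and authority and all(t == NS for t in authority):
        return "referral (delegation present)"
    return "answer" if an else "other"

def build(flags, qname, authority):
    """Build a constructed response: one A question, authority records only."""
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, len(authority), 0)
    msg += enc_name(qname) + struct.pack("!HH", 1, 1)
    for owner, rtype, rdata in authority:
        msg += enc_name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg

# Constructed samples: the parent server before and after the delegation is added.
soa = (enc_name("ns.example.com") + enc_name("hostmaster.example.com")
       + struct.pack("!5I", 1, 3600, 600, 86400, 3600))
NO_DELEGATION = build(0x8403, "www.abc.example.com", [("example.com", SOA, soa)])
DELEGATED = build(0x8000, "www.abc.example.com",
                  [("abc.example.com", NS, enc_name("ns1.abc.example.com"))])
```

The same `classify` function can be pointed at a real response captured from the parent server with recursion not requested, which separates a delegation problem from a forwarding problem.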