Bind DNS Forwarder With Delegated Sub Domain
I currently have my Bind DNS server set up to query from root servers and I have an Active Directory sub domain delegated in my DNS settings. My named.conf.options currently looks like this:
acl internals { 172.16.0.0/12; 192.168.0.0/16; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-query { internals; };       # only internal clients may query at all
    allow-recursion { internals; };   # and only they may use this server recursively
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
And my AD subdomain is delegated like this:
directory IN NS ds1.directory.domain.com.
ds1.directory.domain.com. IN A 192.168.0.60
Everything works great here, but I would like to set up DNS forwarders instead of using the root servers. I've added the following to my named.conf.options file:
forwarders {
    208.67.222.222;    # OpenDNS resolvers
    208.67.220.220;
};
forward only;          # send every recursive query to the forwarders, never to authoritative servers directly
dnssec-enable yes;     # obsolete in current BIND 9 releases; validation is governed by dnssec-validation
dnssec-validation yes;
This also seems to work, but now my AD subdomain is not working. If I try to ping directory.domain.com, it tells me unknown host. Is there something special I have to do with delegated sub domains when forwarding DNS requests? I'm guessing the subdomain is getting forwarded to the external DNS server. How can I get it to resolve to my DNS server first?
Thanks!
Solution 1:
I figured it out. I have to cancel the forwarders on my authoritative zone. Otherwise queries will be forwarded to my global forwarding rule. So my zone in named.conf.local looks like this:
zone "domain.com" {
    type master;
    file "/var/lib/bind/db.domain.com";
    forwarders {};    # empty list: overrides the global forwarders for this zone, so BIND follows
                      # the NS delegation for directory.domain.com itself instead of forwarding it
};
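As an added example that is not part of the original question or answer: a small Python check that reads the two named.conf fragments from this page (reconstructed inline below, so it runs offline) and reports, for each authoritative zone, which forwarders BIND would inherit when it has to recurse below a delegation inside that zone. It shows the zone block as posted in the question (global forwarders inherited, so the delegated AD sub-zone is asked of OpenDNS) beside the fix from the answer (an empty zone-level `forwarders {};`). The parser and all function names are this example's own, not a BIND API, and it understands only the statements the page uses.

```python
"""Report the effective forwarders for each authoritative zone in named.conf.

Constructed example: a minimal reader for the `options` and `zone` statements
shown in the post. BIND applies a zone-level `forwarders` list in preference
to the global one, so an empty zone-level list means "no forwarding below this
zone", which is what lets the delegation for directory.domain.com be followed.
"""
import re


def strip_comments(text: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, //, #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def blocks(text: str, keyword: str):
    """Yield (label, body) for each `keyword ["label"] { body };` statement."""
    head = re.compile(r'\b' + keyword + r'\b\s*(?:"([^"]*)")?\s*\{')
    pos = 0
    while (m := head.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]   # body excludes the closing brace
        pos = i


def forwarders_in(body: str):
    """None if this scope has no forwarders statement; otherwise its address list."""
    found = [inner for _, inner in blocks(body, "forwarders")]
    if not found:
        return None
    # "forwarders {};" yields an empty body, hence an empty list (forwarding disabled)
    return [tok.split()[0] for tok in found[-1].split(";") if tok.strip()]


def forward_mode(body: str):
    """'only', 'first' or None (BIND's default is 'first' when forwarders exist)."""
    m = re.search(r"\bforward\s+(only|first)\s*;", body)
    return m.group(1) if m else None


def effective_forwarding(options_conf: str, local_conf: str) -> dict:
    """Map each master/primary zone to the forwarders BIND would use beneath it."""
    opts = [b for _, b in blocks(strip_comments(options_conf), "options")]
    global_fwd = forwarders_in(opts[0]) if opts else None
    global_mode = forward_mode(opts[0]) if opts else None
    result = {}
    for name, body in blocks(strip_comments(local_conf), "zone"):
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not ztype or ztype.group(1) not in ("master", "primary"):
            continue
        zone_fwd = forwarders_in(body)
        result[name] = {
            "forwarders": zone_fwd if zone_fwd is not None else (global_fwd or []),
            "mode": forward_mode(body) or global_mode,
            "source": "zone" if zone_fwd is not None else "options",
        }
    return result


def describe(report: dict) -> list:
    """Human-readable lines, one per zone, saying where sub-delegation queries go."""
    lines = []
    for zone, info in report.items():
        if info["forwarders"]:
            lines.append(f"{zone}: names below its delegations are forwarded "
                         f"(forward {info['mode']}) to {', '.join(info['forwarders'])} "
                         f"[list inherited from {info['source']}]")
        else:
            lines.append(f"{zone}: names below its delegations are resolved "
                         f"iteratively (zone-level forwarders {{}})")
    return lines


# Constructed inputs, modelled on the fragments in the question and answer.
OPTIONS_CONF = """
acl internals { 172.16.0.0/12; 192.168.0.0/16; 127.0.0.1; };
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-query { internals; };
    allow-recursion { internals; };
    forwarders { 208.67.222.222; 208.67.220.220; };
    forward only;
    dnssec-validation yes;
};
"""

ZONE_BEFORE = """
zone "domain.com" {
    type master;
    file "/var/lib/bind/db.domain.com";
};
"""

ZONE_AFTER = """
zone "domain.com" {
    type master;
    file "/var/lib/bind/db.domain.com";
    forwarders {};    // the fix from the answer
};
"""

if __name__ == "__main__":
    for label, conf in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label)
        for line in describe(effective_forwarding(OPTIONS_CONF, conf)):
            print("  " + line)
```

On a live server the equivalent check is `named-checkconf -p`, which prints the parsed configuration with any zone-level `forwarders` visible next to the zone; after the change, `dig @127.0.0.1 ds1.directory.domain.com` should be answered via the delegation to 192.168.0.60 rather than by the forwarders.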