1.) I dont' see a suitable option in the bind config for doing that. So hosts=local,bind ? I'm looking to have bind do most of the work so I dont' rely on local files though.

I'm trying to remove all traces of abc.this.that from the system. So in my /etc/resolv.conf I have 'domain this.that'. /etc/hosts seems to be read and works fine when I add entries there but again, that's customization that would need to be duplicated across many other hosts.

I also want to have one nameserver in the /etc/resolv.conf file. I tested by adding in other nameservers that I have a forwarders and that works of course but not on the forwarders line in my named.conf (That's another problem I have, the AIX DNS bind9 setup won't properly resolve against the forwarders I have listed including the one to the Windows 2012 DNS Server).

I'm trying to keep to one nameserver as I scale this up I want less to manage in the local files and more centrally managed within Bind.

Thanks,
DH

---------- Post updated at 09:36 AM ---------- Previous update was at 08:47 AM ----------

I should add that I can resolve against the Windows 2012 DNS directly like this:

Code:

nslookup host01 <WIN 2012 DNS Server IP>

but not in the forwarders line in the /etc/named.conf file. It's a second issue but might have some bearing on this problem here however. Also looks like abc.this.that is coming from the other hosts from some cached entries (ie maybe NIM or CIFS entries) that are hitting the AIX DNS box. I did a test by using a bogus domain such as xyz.this.that and that also appeared in the logs. But I just can't find where the abc.this.that is still defined on the other hosts. Reboot did not help.

Thanks,
DH

---------- Post updated at 10:01 AM ---------- Previous update was at 09:36 AM ----------

Hey All,

A bit more on the /etc/named.conf forwarders line:

Code:

options {
        listen-on-v6 port 53 { any; };
        directory "/etc/named";
        listen-on port 53 { 127.0.0.1; 172.20.255.174; };

        // allow-query-cache { none; };
        // allow-query { any; };
        // recursion yes;

        forward first;
        forwarders { 10.0.0.10; 123.1.2.3; 10.0.0.11; 123.1.2.4; 123.1.1.1 };
};

10.X are internal Windows 2012 DNS server IP's.
123.X are external, but reachable, to this DNS server.

This DNS server is 10.0.0.20.

I can't get any logs to show up on why the forwarding is not fully working as well.

---------- Post updated at 10:49 AM ---------- Previous update was at 10:01 AM ----------

tcpdump showed no communication to the Windows 2012 DNS server on a forwarding call, even though I have it explicitly listed.

Is there a way to verify that forwarding is working? Maybe I'm missing packages?

Code:

# lslpp -w /usr/sbin/named
  File                                        Fileset               Type
  ----------------------------------------------------------------------------
  /usr/sbin/named                             bos.net.tcp.server    Symlink
# ls -altri /usr/sbin/named
 2662 lrwxrwxrwx    1 root     system           16 May  7 2014  /usr/sbin/named -> /usr/sbin/named9
# lslpp -w /usr/sbin/named9
  File                                        Fileset               Type
  ----------------------------------------------------------------------------
  /usr/sbin/named9                            bos.net.tcp.server    File
# named -v
named: continuing without SRC support
BIND 9.4.1
#