Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before you implement any of the steps shown.
This article briefly describes how to set up forward zones and subdomains on the Univention Corporate Server (UCS).
Prerequisites
UCS Server Type
- UCS DC Master
- UCS DC Backup
- UCS Slave
DNS Backend
Identify the backend you are using for DNS.
Depending on the backend you are using, you have to edit the corresponding configuration file.
Samba4
If you use Samba4, the following command should output “samba4”:
ucr get dns/backend
samba4
The configuration file is then:
- /etc/bind/local.conf.samba4
LDAP
If you use LDAP, the following command should output “ldap”:
ucr get dns/backend
ldap
The configuration file is then:
- /etc/bind/local.conf.proxy
Forward Zones
This is useful when only a specific domain name (e.g. domain.tld) needs to be answered by another DNS server (e.g. 172.16.100.1).
Restrictions: With Univention Corporate Server it is not possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone! To use subdomains, see the Subdomains section below.
To set up a forward zone, add the zone to the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4):
zone "domain.tld" {
    type forward;
    forwarders { 172.16.100.1; };
};
After setting the new configuration, services must be restarted:
systemctl restart bind9
Slave Zones
This is useful when a specific DNS server (e.g. 172.16.10.1) is authoritative for a specific domain name (e.g. slave.tld).
To set up slave zones, add the following to the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4):
zone "slave.tld" {
    type slave;
    file "slave.tld";
    masters { 172.16.10.1; };
};
After setting the new configuration, services must be restarted:
systemctl restart bind9
Subdomains
Another case is when a subdomain (e.g. sub.domain.tld) is managed by another server (e.g. 10.0.100.1).
Restrictions: With Univention Corporate Server it is not possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone. A subdomain has to be configured as a slave zone!
To answer queries for a subdomain, the normal zone statement for slave zones can be used:
zone "sub.domain.tld" {
    type slave;
    file "sub.domain.tld";
    masters { 10.0.100.1; };
};
After setting the new configuration, services must be restarted:
systemctl restart bind9
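The restrictions above can be checked before bind9 is restarted. The following Python script is an added example, not part of the original article or of UCS: it parses the zone stanzas of a local.conf file and reports forward zones placed under the UCS zone and slave zones without masters. The zone name intranet.example, the sample stanzas and the function names are constructed for illustration.

```python
import re

# Include file per DNS backend, as listed in the article.
CONF_BY_BACKEND = {"samba4": "/etc/bind/local.conf.samba4", "ldap": "/etc/bind/local.conf.proxy"}

def parse_zones(text):
    """Map each zone name to its type and its forwarders/masters list."""
    text = re.sub(r"(#|//)[^\n]*", "", text)  # drop line comments
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the stanza's closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        peers = re.search(r"\b(?:forwarders|masters)\s*\{([^}]*)\}", body)
        zones[m.group(1).lower().rstrip(".")] = {
            "type": ztype.group(1) if ztype else None,
            "servers": [s.strip() for s in peers.group(1).split(";") if s.strip()] if peers else [],
        }
    return zones

def lint(text, ucs_zone):
    """Return findings for stanzas that break the rules stated in the article."""
    ucs_zone = ucs_zone.lower().rstrip(".")
    findings = []
    for name, zone in parse_zones(text).items():
        if zone["type"] == "forward" and name.endswith("." + ucs_zone):
            findings.append((name, "subdomain of the UCS zone: use type slave, not forward"))
        if zone["type"] == "slave" and not zone["servers"]:
            findings.append((name, "slave zone without masters"))
    return findings

# Constructed sample; intranet.example stands in for the UCS zone (assumption).
SAMPLE = '''
zone "partner.example" { type forward; forwarders { 172.16.100.1; }; };
zone "sub.intranet.example" {
    type forward;            // not allowed under the UCS zone
    forwarders { 10.0.100.1; };
};
zone "lab.intranet.example" { type slave; file "lab.intranet.example"; masters { 10.0.100.1; }; };
zone "slave.tld" { type slave; file "slave.tld"; };
'''

if __name__ == "__main__":
    for name, problem in lint(SAMPLE, "intranet.example"):
        print(f"{name}: {problem}")
```

To check a live system, pass the contents of the file selected from CONF_BY_BACKEND and the name of the UCS zone to lint(). The servers list returned by parse_zones() also shows which hosts each zone trusts for its answers.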
Debugging
For debugging purposes, set a higher debug level with:
ucr set dns/debug/level=<LEVEL>
Where <LEVEL> is a value between 0 and 11. If needed, increase the debug level of the Samba4 module as well:
ucr set dns/dlz/debug/level=<LEVEL>
Restart bind with:
systemctl restart bind9