This is an old revision of the document!


Delegation

NIOS Delegation

Remember, if you are migrating a DNS server that has a delegation, the DNS export may not have the appropriate records and you will need to create the appropriate A records after delivery.

For example, suppose you have a Microsoft DNS server called ns1.mycompany.corp that is authoritative for the mycompany.corp DNS zone. That DNS server may delegate the zone phones.mycompany.corp to a BIND DNS server that is not being migrated. The BIND server is, in this example, ns1.phones.mycompany.corp.

To do this, you configure the zone mycompany.corp on the Infoblox replacement called ns2.mycompany.corp. You then create a subzone phones.mycompany.corp pointing to ns1.phones.mycompany.corp. This data may not be in the imported data from the MS server but, so long as ns2.mycompany.corp has the zone for mycompany.corp and a delegation to ns1.phones.mycompany.corp for the zone phones.mycompany.corp, then you should see that Infoblox automatically creates the A records ns1.phones pointing at the IP you specified in the delegation setting.

Remember that with delegations, ns2.mycompany.corp will not give you the IP answer for any *.phones.mycompany.corp query unless it has recursion enabled (when recursion is enabled, a delegation basically acts like a conditional forward rule). It will simply respond with “That zone is hosted by ns1.phones.mycompany.corp and its IP is x.x.x.x”. If the client on your machine doesn't have the good sense to automatically requery the new IP provided, the query will fail.

If, on the other hand, you set phones.mycompany.corp as a forward zone on ns2.mycompany.corp, then ns2.mycompany.corp will actually go off to ns1.phones.mycompany.corp to get the answer for you.

This is an important difference. The dig command will take the delegation answer and then figure out what the actual IP is by querying the server named in the delegation response. nslookup will not. One solution is to put a recursive resolver in between the clients and ns2.mycompany.corp. Remember, you must allow recursive queries on ns2.mycompany.corp.
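To see the difference on the wire, the following added example (not part of the original wiki page) parses a raw DNS response and reports whether it is a delegation referral, with the name server and its glue A record, or a real answer. The two sample messages are constructed by hand; the host handset1 and the 192.0.2.x addresses are assumptions standing in for x.x.x.x.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                     # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                          # malformed message guard
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def classify(msg):
    """Return (kind, {ns_name: glue_ip_or_None}); kind is answer/referral/other."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                            # skip question section
        off = read_name(msg, off)[1] + 4
    rrs = []                                       # (owner, type, rdata offset, rdlen)
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rrs.append((owner, rtype, off + 10, rdlen))
        off += 10 + rdlen
    glue = {o: ".".join(map(str, msg[p:p + 4]))    # A records in additional section
            for o, t, p, l in rrs[an + ns:] if t == 1 and l == 4}
    targets = [read_name(msg, p)[0] for _o, t, p, _l in rrs[an:an + ns] if t == 2]
    servers = {n: glue.get(n) for n in targets}
    if flags & 0xF == 0 and an:
        return "answer", {}
    # Referral: NOERROR, no answers, AA bit clear, NS records in authority section
    referral = flags & 0xF == 0 and not flags & 0x0400 and servers
    return ("referral", servers) if referral else ("other", {})

# Constructed sample messages (not captured traffic)
def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
Q = enc("handset1.phones.mycompany.corp") + struct.pack("!HH", 1, 1)
REFERRAL = (struct.pack("!6H", 0x1234, 0x8000, 1, 0, 1, 1) + Q   # delegation, no recursion
            + b"\xc0\x15" + struct.pack("!HHIH", 2, 1, 3600, 6) + b"\x03ns1\xc0\x15"
            + b"\xc0\x3c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 53]))
ANSWER = (struct.pack("!6H", 0x1234, 0x8080, 1, 1, 0, 0) + Q     # forward zone, RA set
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 101]))
```

A client that receives the referral form and does not query the listed server itself ends up with no address, which is the failure described above.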

dns/delegation.1748883060.txt.gz · Last modified: by bstafford