I have a working authoritative BIND 9.8.4-P2 server on FreeBSD for the domain domain.com
with IP 192.168.0.3
and name ns.domain.com
that I did not set up myself. It is a hidden server from which a subset is published to the provider's server.
I have configured an AD server ad.domain.com
with DNS under the subdomain corp.domain.com
and IP 192.168.0.5
What works:
nslookup ad.domain.com 192.168.0.3
nslookup ns.domain.com 192.168.0.3
nslookup ns.domain.com 192.168.0.5
nslookup corp.domain.com 192.168.0.5
nslookup ad.corp.domain.com 192.168.0.5
What does not work:
nslookup corp.domain.com 192.168.0.3 => nxdomain
nslookup ad.corp.domain.com 192.168.0.3 => nxdomain
I configured it according to this answer; however, that does not work.
Here is the excerpt from the zone file (note the SOA line with the provider's DNS, as the file is also published to our provider):
$TTL 86400
@ 86400 IN SOA ns.provider.com. hostmaster.ns.provider.com. (
                2015070205 ; Serial number
                86400      ; Refresh 1 day
                7200       ; Retry 2 hours
                604800     ; Expire 7 days
                259200 )   ; Minimum TTL 3 days
; PRIMARY
                NS ns.domain.com.
; secondaries
                NS ns.provider.com.
; hosts
ns              IN A 192.168.0.3
ad              IN A 192.168.0.5
I now added the line
corp.domain.com. IN NS ad.domain.com.
at the end but the delegation does not work.
The dig output for dig @ad.domain.com corp.domain.com ns
is
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;corp.domain.com. IN NS
;; ANSWER SECTION:
corp.domain.com. 3600 IN NS ad.corp.domain.com.
;; ADDITIONAL SECTION:
ad.corp.domain.com. 1200 IN A 192.168.0.5
;; Query time: 0 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Thu Jul 2 09:53:37 2015
;; MSG SIZE rcvd: 72
while for dig @ns.domain.com corp.domain.com ns
it is
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46841
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;corp.domain.com. IN NS
;; Query time: 35 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Thu Jul 2 09:55:20 2015
;; MSG SIZE rcvd: 39
Looking at this thread, could the issue be that the entry is not in the provider's nameserver? I mean, any server in our network asks 192.168.0.3
for DNS, and with host-name updates the changes are visible immediately on the local network without pushing them to the provider's DNS.
And just for the record, I also tried this approach with similar results.
Additionally, here is an excerpt from the AD's DNS (translated from the German console):
_msdcs
_sites
_tcp
_udp
DomainDnsZones
ForestDnsZones
(same as parent folder) Start of Authority (SOA) [682], ad.corp.domain.com., hostmaster.corp.domain.com.
(same as parent folder) Name Server (NS) ad.corp.domain.com.
(same as parent folder) Host (A) 192.168.0.5
ad Host (A) 192.168.0.5 Static
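The two dig outputs in the question disagree about who serves corp.domain.com: the AD server says the apex NS of corp.domain.com is ad.corp.domain.com, while the line added to the parent zone delegates to ad.domain.com, and the BIND answer for the same name is an NXDOMAIN without the aa flag that an answer straight from the loaded zone would carry. The script below is an added example, not code from the question or from BIND: it parses the small zone-file subset used in the question (the parent zone text is constructed from the excerpt above plus the added delegation line, and the child's NS set is taken from the dig output) and reports the usual delegation mistakes: no delegation at all, a delegation whose NS target lies inside the parent zone but has no glue A/AAAA record there, and a parent NS set that does not match what the child zone itself answers. The "fixed" zone text is an assumed corrected version, not something the question shows.

```python
"""Delegation consistency check for the domain.com / corp.domain.com setup.

Added example, not code from the question or from BIND. Parses the zone-file
subset seen in the question and compares the parent's delegation records with
the NS set the child server answers for its own apex.
"""

ZONE_ORIGIN = "domain.com."
CHILD_ZONE = "corp.domain.com."
# NS set reported by `dig @ad.domain.com corp.domain.com ns` in the question.
CHILD_APEX_NS = {"ad.corp.domain.com."}

# Constructed from the zone excerpt in the question plus the delegation line the asker added.
PARENT_ZONE_AS_POSTED = """\
$TTL 86400
@   86400 IN SOA ns.provider.com. hostmaster.ns.provider.com. (
        2015070205 ; Serial number
        86400      ; Refresh
        7200       ; Retry
        604800     ; Expire
        259200 )   ; Minimum TTL
; PRIMARY
        NS  ns.domain.com.
; secondaries
        NS  ns.provider.com.
; hosts
ns      IN A 192.168.0.3
ad      IN A 192.168.0.5
corp.domain.com. IN NS ad.domain.com.
"""

# Assumed corrected parent zone: the delegation names the child's own NS and carries glue for it.
PARENT_ZONE_FIXED = """\
$TTL 86400
@   IN SOA ns.provider.com. hostmaster.ns.provider.com. ( 2015070206 86400 7200 604800 259200 )
    IN NS ns.domain.com.
    IN NS ns.provider.com.
ns  IN A 192.168.0.3
ad  IN A 192.168.0.5
; delegation: name the servers the child zone itself lists, with glue for names inside the parent
corp    IN NS ad.corp.domain.com.
ad.corp IN A  192.168.0.5
"""


def _fqdn(name, origin):
    """Absolute, lower-cased name: '@' is the origin, a name without a trailing dot is relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata-tuple) records. Handles $TTL/$ORIGIN, ';' comments,
    parenthesised multi-line RDATA (SOA) and owner inheritance from an indented line."""
    records, last_owner, depth, logical = [], origin, 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if logical is None:
            logical = [line[:1].isspace(), ""]  # was the first physical line indented?
        logical[1] += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside '(' ... ')'
        indented, body = logical
        logical = None
        toks = body.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = _fqdn(toks[1], origin)
            continue
        if indented:
            owner = last_owner  # blank owner field: reuse the previous owner
        else:
            owner = last_owner = _fqdn(toks.pop(0), origin)
        if toks and toks[0].isdigit():
            toks.pop(0)  # TTL
        if toks and toks[0].upper() in ("IN", "CH", "HS"):
            toks.pop(0)  # class
        if toks and toks[0].isdigit():
            toks.pop(0)  # TTL written after the class
        rtype = toks.pop(0).upper()
        rdata = (_fqdn(toks[0], origin),) if rtype in ("NS", "CNAME", "PTR") else tuple(toks)
        records.append((owner, rtype, rdata))
    return records


def check_delegation(parent_records, parent_origin, child, child_ns):
    """Problems with the parent's delegation of `child`; an empty list means it is consistent."""
    child = child.lower()
    parent_ns = {r[2][0] for r in parent_records if r[0] == child and r[1] == "NS"}
    if not parent_ns:
        return [f"{child} has no NS records in {parent_origin}: an authoritative parent answers "
                f"NXDOMAIN for it instead of a referral"]
    problems = []
    addressed = {r[0] for r in parent_records if r[1] in ("A", "AAAA")}
    for target in sorted(parent_ns):
        if target.endswith("." + parent_origin) and target not in addressed:
            problems.append(f"NS target {target} lies under {parent_origin} but has no A/AAAA "
                            f"record there (missing glue)")
    child_ns = {n.lower() for n in child_ns}
    if parent_ns != child_ns:
        problems.append(f"parent delegates {child} to {sorted(parent_ns)} but the child's apex NS "
                        f"set is {sorted(child_ns)} (inconsistent delegation)")
    return problems


if __name__ == "__main__":
    for label, text in (("as posted", PARENT_ZONE_AS_POSTED), ("fixed", PARENT_ZONE_FIXED)):
        recs = parse_zone(text, ZONE_ORIGIN)
        print(label, check_delegation(recs, ZONE_ORIGIN, CHILD_ZONE, CHILD_APEX_NS) or "OK")
```

The check only reads zone text; on the server itself the same points are verified with BIND's own tools: run named-checkzone domain.com on the zone file, bump the serial, rndc reload domain.com, rndc flush, and then query with dig +norecurse @192.168.0.3 corp.domain.com NS, which must return a referral (NS records in the AUTHORITY section) rather than NXDOMAIN.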