BIND 9.2.1 acting as DNS for Win2k Active Directory
Donnie Cranford
mozilla at attbi.com
Mon Dec 9 00:26:59 UTC 2002
I am also trying to get BIND 9.2.1 working with AD, but on Windows .Net 2003.
But when I run dcpromo and it tries to integrate, I get the following
error message:
The SOA query for _ldap._tcp.dc._msdcs.empire.intranet to find the
primary DNS server returned:
DNS server failure.
(error code 0x0000232A "RCODE_SERVER_FAILURE"
I see nothing strange in /var/log/messages.
I will provide my config files for debug purposes.....
BTW, I have purchased the BIND Cookbook and I'm using Cricket's _msdcs and
the other 3 subdomains technique.
----------------------------------------------------------------------
/etc/named.conf
[root@Alderaan named]# cat /etc/named.conf
// BIND configuration file
options {
forwarders { 24.31.3.8; };
directory "/var/named";
};
//#####################################################
// Information for empire.intranet
//#####################################################
zone "empire.intranet" in {
type master;
file "empire.intranet.zone";
allow-update { any; };
};
zone "_msdcs.empire.intranet" {
type master;
file "_msdcs.empire.intranet.zone";
allow-update { any; };
};
zone "_sites.empire.intranet" {
type master;
file "_sites.empire.intranet.zone";
allow-update { any; };
};
zone "_tcp.empire.intranet" {
type master;
file "_tcp.empire.intranet.zone";
allow-update { any; };
};
zone "_udp.empire.intranet" {
type master;
file "_tcp.empire.intranet.zone";
allow-update { any; };
};
// ##############################
// ### Localhost setup
// ##############################
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
allow-update { any; };
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "1.168.192.in-addr.arpa.zone";
allow-update { any; };
};
// ##############################
// ### Cache file setup
// ##############################
zone "." in {
type hint;
file "named.ca";
};
--------------------------------------------------------------------------
[root@Alderaan named]# cat empire.intranet.zone
$ORIGIN .
$TTL 86400 ; 1 day
@ IN SOA Alderaan.empire.intranet.
postmaster.empire.intranet.empire.intranet. (
101 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
Alderaan.empire.intranet. IN A 192.168.1.102
_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
_sites.empire.intranet. IN NS Alderaan.empire.intranet.
_tcp.empire.intranet. IN NS Alderaan.empire.intranet.
_udp.empire.intranet. IN NS Alderaan.empire.intranet.
---------------------------------------------------------------------------
ALL OF MY "_" subzones have this same config; I will show _msdcs for
debugging.
[root@Alderaan named]# cat _msdcs.empire.intranet.zone
$ORIGIN .
$TTL 86400 ; 1 day
@ IN SOA Alderaan.empire.intranet.
postmaster.empire.intranet.empire.intranet. (
100 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
IN NS Alderaan.empire.intranet.
If we can find out what is going on here, I plan on writing up a nice
HOWTO and including it in the Windows .Net 2003 Beta groups I'm on,
as well as providing it to the general public.
Thanks
Donnie Cranford
Mark_Andrews at isc.org wrote:
>>>Dec 08 17:37:15.542 update: info: client 192.168.200.201#1100:
>>>updating zone 'test.rhe.womit.com/IN': update failed: 'name not in
>>>use' prerequisite not satisfied (YXDOMAIN)
>>
>>This error is probably caused by the DC trying to add an A RR for
>>test.rhe.womit.com, which already has an A RR. This shouldn't be
>>causing a problem, but if you'd like to prevent the DC from even
>>trying to add the A RR, see Recipe 8.8 of the Cookbook or Microsoft
>>Knowledge Base article Q246804 (hint: you're looking for
>>RegisterDNSARecords).
>
>
> Cricket, you know that it is not an error. We have to be
> consistent in the education process and say that it is a
> negative response indicating the prerequisite part was not
> met and that the update was conditional on the prerequisite
> part being met.
>
> Mark
>
>
>>cricket
>>
>>Men & Mice
>>DNS Software, Training and Consulting
>>www.menandmice.com
>>
>>The DNS and BIND Cookbook, now available!
>>http://www.oreilly.com/catalog/dnsbindckbk/
>>
>>
>
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
>
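An added example, not part of the original posts or of BIND: a small Python check over the zone statements posted above. It flags `allow-update { any; }`, which lets any client that can reach the server send dynamic updates that change the zone, and master zones that share one zone file. The sample configuration is a constructed, trimmed copy of the posted named.conf; the function names and finding labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the zone statements posted above.
SAMPLE_CONF = '''
options { forwarders { 24.31.3.8; }; directory "/var/named"; };
zone "empire.intranet" in {
    type master; file "empire.intranet.zone"; allow-update { any; }; };
zone "_tcp.empire.intranet" {
    type master; file "_tcp.empire.intranet.zone"; allow-update { any; }; };
zone "_udp.empire.intranet" {
    type master; file "_tcp.empire.intranet.zone"; allow-update { any; }; };
zone "." in { type hint; file "named.ca"; };
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"(?:\s+in)?\s*\{', re.I)

def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) by matching braces after each zone header."""
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint(conf):
    """Return (zone, finding) pairs; the finding labels are hypothetical."""
    findings, files = [], defaultdict(list)
    for name, body in zone_blocks(strip_comments(conf)):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        # "any" in the ACL means any client may send dynamic updates.
        if acl and 'any' in [e.strip() for e in acl.group(1).split(';')]:
            findings.append((name, 'allow-update-any'))
        if ztype and ztype.group(1) == 'master' and zfile:
            files[zfile.group(1)].append(name)
    for path, zones in files.items():
        if len(zones) > 1:  # several master zones backed by one file
            findings.extend((z, 'shared-file:' + path) for z in zones)
    return findings

if __name__ == '__main__':
    for zone, finding in lint(SAMPLE_CONF):
        print(f'{zone}: {finding}')
```

Restricting `allow-update` to the domain controllers' addresses, or to a TSIG key, clears the first finding.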