bind-users Digest V6 #299
Barry Finkel
b19141 at achilles.ctd.anl.gov
Fri Nov 12 15:14:20 UTC 2004
>> My replies to Norman Zhang
> Norman Zhang <norman.zhang at rd.arkonnetworks.com> replies to mine
>Thanks for your reply. The rndc key works fine. I think it has been
>discussed here before, but I can't recall why. I've just added _msdcs,
>_sites, _tcp, _udp zones to the already running named.conf. I tried
>converting them to 192.168.22.0/24, but still couldn't update.
>> What are you trying to get AD to register? The SRV and CNAME records
>> in the four/six "_" zones? How have you set up these MS zones? If
>> you have used AD-integrated with secure updates, then the MS security
>> model is not implemented in BIND, so the DDNS updates will fail.
>> If you are using non-secure updates, then this should work.
>The zone files are created and placed under /var/named/ with
>uid.gid=named.named. This is a W2K3 box that just got upgraded from NT and is
>trying to become a DC by registering AD entries in BIND. I don't think
>it uses any secure updates. How do I check? I grep the log under
>/var/log/, but couldn't find the denied activity. Is there a specific
>entry that I should grep for?
>> If you are trying to get individual W2k/W2k+3 machines to register
>> themselves via DHCP, then I am not sure what the problem might be.
>> Are you having the DHCP server register both forwards and reverses?
>> If so, are both registrations failing? I am not a DHCP expert, and I
>> suggest finding a newsgroup for your DHCP software.
>My W2K3 has a static IP and it has already been entered in zone files. I
>would like to enable it to update the SRV and CNAME entries in the "_"
>zone files. DHCP so far has no problem registering PTR and A records for
> IPs that it gives out. Do you see any conflicts with my config above?
A few things I can suggest.
1) Run a packet sniffer on the BIND box to see what packets are
arriving. Stop/start the Netlogon Service on the DC to force the
DC to re-register its CNAME and SRV records.
2) Look for Event Log entries on the DC. The Netlogon Service should
produce events if something fails.
3) Ensure that self-registration is ENABLED for the DC. If
self-registration is disabled on a DC, the Netlogon process will
not attempt to register its CNAME and SRV records. I have no idea
why the MS code is written this way, as self-registration and
CNAME/SRV record registrations are two different and unrelated DDNS
activities. I am not sure if this case will produce Event Log
entries, as you have told the operating system not to do DDNS.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
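
Added example, not part of the original message or of BIND: a small classifier for DNS messages pulled from the capture suggested in step 1. It separates RFC 2136 UPDATE requests and their response codes from TKEY queries (RFC 2930), which are how a client negotiates a GSS-TSIG key for a secure update. The zone name, key name and packets are constructed for illustration.

```python
import struct

OPCODE_UPDATE = 5        # RFC 2136 dynamic update
TYPE_TKEY = 249          # RFC 2930; used to negotiate GSS-TSIG keys
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH", 10: "NOTZONE"}

def read_name(msg, off):
    """Read an uncompressed name; the first section entry is never compressed."""
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def classify(msg):
    """Return (kind, name, rcode) for one DNS message taken from a capture."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _ident, flags, count = struct.unpack("!HHH", msg[:6])
    response, opcode = bool(flags & 0x8000), (flags >> 11) & 0xF
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    name, rtype = None, None
    if count:  # question section, or zone section when opcode is UPDATE
        name, off = read_name(msg, 12)
        (rtype,) = struct.unpack("!H", msg[off:off + 2])
    if opcode == OPCODE_UPDATE:
        return ("update-response" if response else "update-request", name, rcode)
    if opcode == 0 and rtype == TYPE_TKEY:
        return ("tkey-response" if response else "tkey-query", name, rcode)
    return ("other", name, rcode)

def build(flags, name, rtype):
    """Build a constructed message with one entry in its first section."""
    wire = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + wire + struct.pack("!HH", rtype, 1)

# Constructed capture: an update is refused, then the client starts TKEY negotiation.
CAPTURE = [
    build(0x2800, "_msdcs.example.test", 6),     # UPDATE request, zone section type SOA
    build(0xA805, "_msdcs.example.test", 6),     # UPDATE response, rcode REFUSED
    build(0x0000, "gss-key.example.test", 249),  # TKEY query
]

if __name__ == "__main__":
    for m in CAPTURE:
        print(classify(m))
```

Feed `classify` the UDP payloads of port 53 traffic between the DC and the BIND box; an `update-response` with `REFUSED` or `NOTAUTH` points at `allow-update` or zone authority, while a `tkey-query` shows the DC is attempting a secure update.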