Bind 822p5, W2k AD in Delegated zone problem...

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Dec 27 14:37:08 UTC 2000


Fred Skrotzki <fjslist at rochester.rr.com> wrote:

>Ok I know I'm missing something but am not sure what.
>
>We have Primary and Secondary DNS servers using RH 6.2 bind 822p5 (Yea
>I know we need to upgrade to p7 it's on the to-do list this week)
>which CAN'T be converted to non bind solutions.
>
>We are doing some ISP hosting using W2k boxes.  I have read the W2k
>help and it says that we can create a delegated zone and have active
>directory use that.  So I've created a delegated zone
>hosting.netsetgo.net pointing to our AD W2k Server in the hosting
>environment.
>
>excerpt from named.conf
>=====================
>
>zone "hosting.netsetgo.net." {
>        type master;
>        file "hosting.netsetgo.net";
>        };
>
>excerpt from netsetgo.net
>======================
>
>;       sub zones
>netsetgo-asp01  IN      A       216.42.130.24
>hosting         IN      NS      netsetgo-asp01.netsetgo.net.
>
>the hosting.netsetgo.net file on the Primary DNS
>=========================================
>$TTL    10M
>@       IN      SOA     netsetgo-asp01.netsetgo.net. hostmaster.netsetgo.net. (
>                        2000122102      ; serial
>                        43200           ; refresh
>                        3600            ; retry
>                        604800          ; expire
>                        43200 )         ; ttl
>; Name Servers
>@       IN      NS              netsetgo-asp01.netsetgo.net.
>
>
>Now as I understand it when installing MS DNS I setup forwarders to my
>Primary domain DNS server so we can see the other delegated zones.
>The DNS server doing the hosting.netsetgo.net is also our AD server so
>any systems pointing to either our AD server DNS or the main company
>DNS server should be able to locate the AD records but they can't.  So
>I'm guessing I have something wrong on the bind side.  Any ideas?

I may be missing something in your explanation of your problem.

You want zone

     hosting.netsetgo.net

to be AD-integrated, if I read your posting correctly.  If that is true,
then that zone must be "mastered" on the W2k DNS DC box(es).  You have 
it mastered on the BIND box:

     excerpt from named.conf
     =====================
     
     zone "hosting.netsetgo.net." {
             type master;

In Win2k DNS, there are three options when you create a new zone via the
GUI -- AD-integrated master, standard master, and standard slave.
You can create the AD-integrated master for the zone on the Win2k DNS.
If you have more than one DC, then the zone will be propagated
automatically to the other DCs.  One of the DCs will be listed as the
real master in the SOA record.  If you want to have your BIND server
be a slave for the zone, define the zone as a slave in named.conf.
You will have to list at least one of the DCs as the primary; I would
choose the DC that is listed in the SOA record.  You can also list other
masters in named.conf, but I am not exactly sure if that buys you
anything.  If the "master" DC is down, then listing other masters will
cause BIND to use another master for the zone transfer, but you cannot
be assured that the zone transferred from another AD-integrated master
will have the same serial number as the real master.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994
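As an added check (not part of this thread), a small Python script that tests whether the BIND side of a delegated sub-zone matches the advice above: the parent zone delegates it, the zone's own NS set agrees with that delegation, and named.conf declares it as a slave whose masters list includes the DC named in the zone's SOA. The named.conf and zone data are constructed from the files quoted in the post; FIXED_CONF and its file path are an assumed corrected slave statement, not anything from the thread.

```python
import re

# Constructed from the files quoted in the post; FIXED_CONF is the assumed corrected statement.
NAMED_CONF = 'zone "hosting.netsetgo.net." {\n  type master;\n  file "hosting.netsetgo.net";\n};\n'
FIXED_CONF = 'zone "hosting.netsetgo.net" {\n  type slave;\n  masters { 216.42.130.24; };\n  file "slave/hosting.netsetgo.net";\n};\n'
PARENT = 'netsetgo-asp01 IN A 216.42.130.24\nhosting IN NS netsetgo-asp01.netsetgo.net.\n'
CHILD = ('@ IN SOA netsetgo-asp01.netsetgo.net. hostmaster.netsetgo.net. 2000122102 43200 3600 604800 43200\n'
         '@ IN NS netsetgo-asp01.netsetgo.net.\n')

RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+(A|NS|SOA)\s+(\S+)', re.M | re.I)

def parse_records(text, origin):
    """Yield (owner, type, first rdata field) for A/NS/SOA lines, owners expanded under origin."""
    for owner, rtype, rdata in RR.findall(text):
        owner = origin if owner == '@' else owner if owner.endswith('.') else f'{owner}.{origin}'
        yield owner.rstrip('.').lower(), rtype.upper(), rdata.rstrip('.').lower()

def parse_named_conf(conf):
    """Return {zone: (type, [master IPs])} for each zone statement (one brace level deep)."""
    zones = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}', conf):
        ztype = re.search(r'\btype\s+(\w+)', body)
        masters = re.search(r'\bmasters\s*\{([^}]*)\}', body)
        zones[name.rstrip('.').lower()] = (
            ztype.group(1) if ztype else None,
            re.findall(r'\d+\.\d+\.\d+\.\d+', masters.group(1)) if masters else [])
    return zones

def check_delegation(conf, parent_text, parent, child_text, child):
    """Return findings; an empty list means BIND is a slave of the DC that masters the zone."""
    findings = []
    parent_rrs = list(parse_records(parent_text, parent))
    glue = {o: r for o, t, r in parent_rrs if t == 'A'}          # host -> address from the parent
    delegated = {r for o, t, r in parent_rrs if t == 'NS' and o == child}
    child_rrs = list(parse_records(child_text, child))
    mname = next((r for o, t, r in child_rrs if t == 'SOA' and o == child), None)
    child_ns = {r for o, t, r in child_rrs if t == 'NS' and o == child}
    if not delegated:
        findings.append(f'{parent} has no NS delegation for {child}')
    elif delegated != child_ns:
        findings.append(f'delegation NS {sorted(delegated)} != zone NS {sorted(child_ns)}')
    ztype, masters = parse_named_conf(conf).get(child, (None, []))
    if ztype != 'slave':
        findings.append(f'named.conf type is {ztype!r}; AD-integrated {child} must be a slave of DC {mname}')
    elif glue.get(mname) not in masters:
        findings.append(f'slave masters {masters} omit SOA master {mname} ({glue.get(mname)})')
    return findings

if __name__ == '__main__':
    print(check_delegation(NAMED_CONF, PARENT, 'netsetgo.net', CHILD, 'hosting.netsetgo.net'))
```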