Reject of W2K gc._msdcs...

Tim Maestas tmaestas at idc.dhs.org
Tue Feb 29 23:40:45 UTC 2000 

Yeah, you might want to check the SOA fields.  I have a setup almost
identical to the one described earlier:  check-names ignore, allow-update
ip.of.win2kdc.here ; when the Win2k DC came up, it was able to update the
bind server without a hitch, adding all of it's srv records.  After the
db.example.com.log file was merged into db.example.com, the zone file was
arranged using $ORIGIN statements, ie we have in db.example.com :

$ORIGIN _msdcs.example.com.
gc	ttl in srv blah blah blah

-Tim


On Wed, 1 Mar 2000, James Hall-Kenney wrote:

> 1. Is the value in the mname field of the SOA record set to the name of the
> "master"?
> 
> 2. Does the master have an NS record for this zone?
> 
> Both required for the BIND nsupdate routines.
> 
> 
> 
> -----Original Message-----
> From: Craig Mason [mailto:cmason at masontechnology.com]
> Sent: Wednesday, 1 March 2000 04:55
> To: Mark.Andrews at nominum.com; Barry Finkel
> Cc: bind-users at isc.org
> Subject: RE: Reject of W2K gc._msdcs... 
> 
> 
> 
> Continued testing of this subject.
> 
> I could not get my BIND server to write information to any other zone files.
> I tried creating the _msdcs.example.com zone, with the check-names - ignore
> option... but nothing worked until I allowed the main zone - example.com -
> to include the check-names ignore option. Then the "gc" host gets added to
> example.com's zone file.
> 
> So... as long as example.com accepts names with underscores, the host "gc"
> makes it into my master zone file. The format is the same as Barry's (see
> below).
> 
> 
> As I continued to test, I also found that no zones would accept dynamic
> information into their zone files. I created sales.example.com, put an entry
> for it in named.conf...
> 
> 	e.g.
> 		zone "sales.example.com" {
> 			type master;
> 			file "sales.example.db";
> 			check-names ignore;
> 			allow-update { all; };
> 		};
> 
> 
> No hosts or W2K services ever make it into the zone file sales.example.db.
> I'm wondering what I am doing wrong.
> 
> 
> Craig
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Mark.Andrews at nominum.com [mailto:Mark.Andrews at nominum.com]
> Sent: Friday, February 25, 2000 3:00 PM
> To: Barry Finkel
> Cc: bind-users at isc.org
> Subject: Re: Reject of W2K gc._msdcs...
> 
> 
> 
> > "Craig Mason" <cmason at masontechnology.com> wrote:
> >
> > >I too am getting this. I'm working with Mark Andrews from the list to
> > >resolve. I think I'm also going to call in Microsoft at some point to get
> > >their take on this. Please keep the list informed on any progress.
> > >
> > >Thanks!
> > >
> > >Craig
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: news at news.gigabell.net [mailto:news at news.gigabell.net]On Behalf Of
> > >Falko Mach
> > >Sent: Thursday, February 24, 2000 3:45 AM
> > >To: comp-protocols-dns-bind at moderators.isc.org
> > >Subject: Reject of W2K gc._msdcs...
> > >
> > >
> > >Whats wrong if I see this in my log ?
> > >
> > >default: warning: owner name "gc._msdcs.gtz.de" IN (primary) is invalid -
> > >rejecting
> > >
> > >It seems, that all works fine.
> > >
> > >Tnx,
> > >falko
> > >
> > >mailto:    falko.mach at gtz.de
> >
> > This topic was covered earlier this week and last week.  Mark Andrews,
> > Sam Wilson, and Brian Miller  wrote about the RFCs - 952, 1183, and
> > 2181.  There was also mention of the relevant MS Technet articles.
> > Here is a summary.
> >
> > 952 says that the underscore character is illegal.  952 IS A STANDARD.
> > 1183 (IIRC) says that an initial numeric character is now legal.
> >      1183 IS A STANDARD.
> 
> 	1123 you mean
> 
> > 2181 says that almost any character is legal.  2181 is NOT a standard;
> >      it is standards-track.
> 
> 	These RFCs are all consistant.  Hostnames are a *subset* of
> 	domainnames. RFC952 and RFC1123 are talking about hostnames,
> 	RFC1182 is talking about domainnames.
> 
> 	The terms domainname and hostname are *not* interchangable.
> 	All hostnames are domainnames. All domainnames are not hostnames.
> >
> > Microsoft decided that it would follow 2181 and use an underscore in
> > an "A" record.  BIND 8.2.2-p5 by default does not allow the underscore,
> > but you can change the options parameters to allow it.
> 
> 	or zone.
> 
> 	I suspect the real reason why Microsoft choose _msdcs was so
> 	and to *not* collide with any legal hostname.  However they
> 	attempt to put a hostname (gc._msdcs.example.com) within this
> 	zone (Catch 22).
> 
> 	What Craig and I were doing was verifing that creating a seperate
> 	zone for _msdcs and not just using the parent zone would not break
> 	things (Craig was not necessarilly aware of what I was doing).
> 	This reduces the namespace that does not get checked however the
> 	lack of checking within _msdcs should not be a problem as only W2K
> 	boxes should care about what is in there and it is MS job to make
> 	sure that things don't break for themselves when they step outside
> 	of the RFCs.  This shouldn't break unless MS have stuffed up.
> 
> 	e.g.
> 		zone "_msdcs.example.com" {
> 			type master;
> 			file "_msdcs.example.db";
> 			check-names ignore;
> 			allow-update { localnets; };
> 		};
> >
> > I had posted a query twice in the past months about this.  In my case,
> > the name with the underscore was not in DNS as an entire string; it
> > was split on two lines
> >
> >      $ORIGIN _msdcs.w2k.anl.gov.
> >      gc      600     IN      A       130.202.224.143
> 
> 	This is master file format.  These is nothing strange about that
> 	as BIND and being using it for years.
> >
> > The error message from BIND complained about the name
> >
> >      gc_msdcs.w2k.anl.gov
> 
> 	You mean gc._msdcs.w2k.anl.gov
> >
> > and I could not locate that string in the zone.
> > ----------------------------------------------------------------------
> > Barry S. Finkel
> > Electronics and Computing Technologies Division
> > Argonne National Laboratory          Phone:    +1 (630) 252-7277
> > 9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
> > Building 221, Room B236              Internet: BSFinkel at anl.gov
> > Argonne, IL   60439-4844             IBMMAIL:  I1004994
> >
> >
> >
> --
> Mark Andrews, Nominum Inc. / Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
> 
> 
> 
>

More information about the bind-users mailing list