windows 2000 and bind 8.2.2

Kevin Darcy kcd at daimlerchrysler.com
Wed Jul 19 22:59:43 UTC 2000


Two possibilities come to mind:

1) You typoed or otherwise messed up the syntax for the "allow-update"
statement. How about you show the actual "zone" clause (feel free to change any
site-specific information, if you must, but make sure you don't alter the
*syntax* in doing so). If there is a syntax error, there should have been a log
message about it, by the way, so a quick check of the logs may be productive.

2) Maybe the Win2K box is configured to try and make *secure* Dynamic Updates.
Microsoft's implementation of secure Dynamic Updates is currently incompatible
with BIND and vice versa. If this is the case, the only way it'll work for the
foreseeable future is for the Win2K side to reconfigure the updates as
non-secured.


- Kevin

Jangalwa, Raj wrote:

> Hi All,
>
> I am sure somebody over there must have done this and I'll really appreciate
> if you can help me in solving this issue.
> My primary DNS server is (as obvious) a unix box running 8.2.2_p5 version
> of bind. My colleague is setting up a W2K box in DMZ and wants to be able to
> do dynamic updates to a particular zone file. He is setting this box up as a
> primary root server, as it is needed for ADC (Active Directory Catalogue)
> server. I have allowed his server in the zone file to be able to do the
> updates by using "allow-update" constraint in the particular section of the
> domain.
>
> Still whenever he tries to set up his box, he gets the error that the "box
> can not be contacted" and in my /var/adm/messages file I can see the error
> "unapproved update from [ ip address ] for domain.com."
>
> Let me know how he should set up his box, so that he can do the updates and
> also what needs to be done on the server side to allow the machine to do the
> updates.
>
> TIA and will summarize.
>
> -Raj
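
An added example, not part of the original thread or of BIND: a small Python check that compares the source addresses in "unapproved update" log lines against the zone's "allow-update" list in named.conf. The zone clause, addresses and log lines are constructed; the parser assumes a flat zone clause with plain addresses or a.b.c.d/len prefixes and does not resolve named ACLs.

```python
import ipaddress
import re

# Constructed sample input (documentation addresses, placeholder zone name).
NAMED_CONF = '''
zone "example.com" {
    type master;
    file "db.example.com";
    allow-update { 192.0.2.10; };
};
'''
LOG_LINES = [
    "named[123]: unapproved update from [192.0.2.20].1045 for example.com",
    "named[123]: unapproved update from [192.0.2.10].1046 for example.com",
]

def allow_update_list(conf, zone):
    """Entries of the zone's allow-update statement, or None if it has none."""
    clause = re.search(r'zone\s+"%s"[^{]*\{(.*?)\n\};' % re.escape(zone), conf, re.S)
    stmt = clause and re.search(r'allow-update\s*\{([^}]*)\}\s*;', clause.group(1))
    return [e.strip() for e in stmt.group(1).split(";") if e.strip()] if stmt else None

def matches(ip, entries):
    """First match wins; handles addresses, a.b.c.d/len, any, none and '!'."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        negate, term = entry.startswith("!"), entry.lstrip("! ")
        if term == "none":
            term, negate = "any", not negate
        if term == "any" or addr in ipaddress.ip_network(term, strict=False):
            return not negate
    return False

def triage(conf, log_lines):
    """Map each refused (source, zone) pair to what the config file says."""
    results = {}
    for line in log_lines:
        m = re.search(r'unapproved update from \[([0-9.]+)\]\S* for (\S+?)\.?$', line)
        if not m:
            continue
        ip, zone = m.groups()
        entries = allow_update_list(conf, zone)
        if entries is None:
            results[(ip, zone)] = "no allow-update statement for this zone"
        elif matches(ip, entries):
            results[(ip, zone)] = "listed in file; check that named loaded this clause"
        else:
            results[(ip, zone)] = "source address not in allow-update"
    return results
```

A source that is listed in the file yet still refused points back at the two possibilities in the reply: the clause as written is not what named is running, or the client is not sending the plain update the list would permit.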





