BIND & Win2k zone transfers - workaround/solution details

Danny Mayer mayer at gis.net
Sat Nov 18 05:31:32 UTC 2000 

		I would not be altogether surprised if this is related to a bug I fixed
  where ns_msg_getflag was defined as a macro.  The problem was that
  the macro was used to check the error status of a request. That macro: 
  ns_msg_getflag uses a data structure defined in ns_parse.c in lib/nameser.
  Unfortunately the data structure in Windows NT is in libbind.dll while the
  code using it is in named-xfer.  The macro tries to use an unfilled data
  structure which can be filled with anything in order to check the return
  status if a transfer segment. As a result the transfer fails.  The fix was
  to convert the macro to a real function that resides in the same location
  as the data structure.  If Microsoft just copied this, then you would see
  this kind of problem.

			Danny

At 01:25 AM 11/18/00 +0000, davem408 at my-deja.com wrote:
>This should help all of you trying to get Win2k
>and BIND to play together.  If you want to skip
>the backgroup and just know what versions work
>and which ones don't, skip to the bottom...
>
>Windows 2000 DNS uses an AXFR for it's initial
>zone transfer request with incremental (IXFR)
>requests after that.  There have been two
>problems with BIND that I have seen relating to
>interoperability with Win2k DNS.  The first
>problem (which I believe was initially fixed in
>8.2.3 T4B) was the following:
>
>Problem #1:
>Win2k could do an initial zone transfer from a
>BIND server but IXFR requests failed because the
>BIND server was responding with an AXFR response
>instead of the IXFR response the RFC specifies.
>This problem is the one that MS KB article
>Q260021 refers to
>(http://support.microsoft.com/support/kb/articles/
>Q260/0/21.ASP).
>
>Unfortunately it seems that the fix for the IXFR
>problem coincided with a new problem showing up
>with the following symptoms:
>
>Problem #2:
>When a secondary zone is initially created on a
>Win2k DNS server the AXFR request fails.  Looking
>deeper, Win2k requests the SOA record for the
>zone, receives it properly, requests an AXFR zone
>transfer from the BIND server, receives the first
>packet correctly, the following packet is
>invalid, with all following packets stating the
>server does not support the request.  This causes
>all but the smallest zones to fail on the initial
>AXFR.  It would seem that since the response
>begins to come back correctly that the problem is
>on the BIND server, but I am not positive.  The
>workaround for this is to create the zone on the
>Win2k server, stop the DNS service, move the zone
>file from the BIND server onto the Win2k server
>and rename it to the MS style name, and restart
>the DNS server.  Subsequent zone transfers are
>IXFR and will therefore succeed.  There is no
>public MS KB article at this time for this
>problem, but one is in the works since I reported
>this behavior to an MS engineer.
>
>Now, with that background in mind, here's the
>status from my testing of various versions of
>BIND:
>
>- BIND 8.2.2-P5 has problem #1
>- BIND 8.2.3-T4B has problem #2
>- BIND 8.2.2-P7 has neither problem
>- BIND 8.2.3-T6B has neither problem
>- BIND 9.0.0 has problem #2
>- BIND 9.0.1 has problem #2
>
>I hope this helps straighten out all the
>confusion, let me know if anything needs any
>clarification.
>
>- Dave Mills (dmills at removethis.juniper.net)
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>

More information about the bind-users mailing list