W2k AD can't access BIND server

Thu Jan 11 01:48:33 UTC 2001

I think I found the source of the problem: I had non-canonical names
in the SOA's. What can I say more .... :-<

W2k apparently checks it before trying the updates.

Jozef

On 10 Jan 2001 peter at icke-reklam.ipsec.nu.invalid wrote:

> 
> Jozef Skvarcek <jozef at photonfield.net> wrote:
> 
> > Hello,
> 
> > Could someone, please, help me with the following problem?  I am trying
> > to set up W2k Active directory, I have prepared UNIX DNS server with
> > BIND v9.0.1. Here is the procedure and the error:
> 
> You seem to use both machines on rfc1918 network, and this might
> give you extra puzzles as normal root-servers won't=20
> give out correct addresses.
> 
> Thus when the w2k DNS tries to find yout foo.com or 10.in-addr.arpa
> servers it wont find anything useful.
> 
> The cure is either to install internal root's (and update hint-files on
> all affected servers) or maybe configure use of forwarders
> for all affected servers.
> 
> The fact that w2k can RESOLVE with your DNS servers does not=20
> mean that w2k's nameserver will find the foo.com server.
> 
> 
> 
> > After running the AD wizard, and clicking on choosing the following:
> 
> > "Create a new forest of domain trees" <next> - default -=20=20=20
> > "Full DNS domain name for the domain": dynamo.foo.com <next>
> > "Domain NetBIOS name": trt54tg (random to ensure no conflict) <next>
> > "Database location": c:\winnt\ntds <next> - default -
> > "Log location": c:\winnt\ntds <next> - default -=20
> > "Sysvol folder location": c:\winnt\sysvol <next> - default -
> 
> > At this point, the following error occurs:
> 
> > "The wizard cannot contact the DNS server that handles the=20
> > name "dynamo.foo.com" to determine if it support dynamic update.  Confir=
> m
> > your DNS configuration, or install and configure a DNS server on this co=
> mputer"
> 
> > Dynamo.foo.com has its own zone file which allows dynamic updates.
> > I am able to see on the DNS server that this W2k machine does some
> > querries, also, I am able to resolve a test name in the dynamo.foo.com
> > domain from the command prompt window...
> 
> > Below is my named.conf file. Thank you,
> 
> > Jozef
> 
> > # BIND v9 config file
> > #
> > options {
> > 	directory "/named";
> > 	allow-transfer { 127.0.0.1; 10.129.15.1; 10.129.12.85; };
> > 	allow-query { any; };
> > 	pid-file "/var/run/named.pid";
> > };
> 
> > # logging configuration
> > 	truncated
> > # End of logging section
> 
> > # Slave servers definition
> > server 10.129.12.85 {
> > 	provide-ixfr yes;
> > 	transfer-format many-answers;
> > };
> 
> > # Hint zone
> > zone "." {
> > 	type hint;
> > 	file "named.ca";
> > };
> 
> > # local zone
> > zone "0.0.127.in-addr.arpa"{
> > 	type master;
> > 	file "named.local";
> > 	notify no;
> > };
> 
> > # static zones
> > zone "foo.com" in {
> > 	type master;
> > 	file "datek.db";
> > };
> 
> > # dynamic zones
> > zone "10.in-addr.arpa" in {
> > 	type master;
> > 	file "10.db";
> > 	allow-update { any; };
> > };
> > zone "dynamo.foo.com" in {
> > 	type master;
> > 	file "dynamo.foo.db";
> > 	check-names ignore;
> > 	allow-update { any; };
> > };
> 
> 
> 
> 
> 
> --=20
> Peter H=E5kanson               Phone     +46707328101       Fax +463122319=
> 0
> IPSec sverige                Email      peter at ipsec.nu=20=20
> "Safe by design"             Address    Bror Nilssons gata 16  Lundbystran=
> d
>                                         S-417 55  Gothenburg   Sweden=20=20=
> =20=20=20=20=20=20=20
> 
> 