DDNS from Win2k DC troubles

Tim Maestas tmaestas at dnsconsultants.com
Sat Jan 20 22:05:38 UTC 2001




	We have created 4 subdomains of our active directory
	root:  _msdcs.company.com, _udp.company.com, _tcp.company.com
	and _sites.company.com.  Dynamic updates are allowed
	only on these four domains, only by domain controllers.
	This keeps our top-level company.com domain free from
	any misbehaved MS machines and the updates they may
	attempt.  

-Tim


------------------------------------------
http://www.dnsconsultants.com
DNS and other network consulting
------------------------------------------


On Fri, 19 Jan 2001, Perry Taylor wrote:

> Thanks to all for the suggestions and comments on my problem.
> 
> In an offline message Mark Andrews mentioned to me that Microsoft was aware
> of this problem and had a tech bulletin about it.  Very interesting as I
> have been working with the MS Direct Access support news group with little
> or no help provided.
> 
> I decided to search the MS KB for BIND and came up with "Q241973 - Master
> Zone May Not Work with BIND DNS for Windows 2000 Active Directory".  The
> article recommends adding "check-names master ignore;" to the options
> section in /etc/named.conf.  I tried this and I am no longer seeing the
> error appear in the system event log.  The FAQ that Mark Andrews had posted
> (http://www.nominum.com/resources/faqs/bind-faq.html#w2k) recommended the
> creation of a separate zone to handle this problem.
> 
> Are there any serious implications for adding the option as suggested by MS
> or would it be better to add the separate zone?  If it makes any difference,
> we are running BIND behind a firewall for our in-house domain.
> 
> Thanks again.
> --
> Perry Taylor
> Canyon Data Solutions, Inc.
> --
> 
> "News Account" <nobody at nowhere.com> wrote in message
> news:9487st$9qk at pub3.rc.vix.com...
> > That is exactly right.  I have had this same problem with W2K and can tell
> > you that it is not your BIND but your Windows.
> > If you have the W2K running as a DC and you are using BIND to serve the
> > domain, you might as well just continue using your DDNS setup and just let the
> > domain master (BIND I assume) check-names warn.  Then in your logs you will
> > at least see that the records are updating.
> > If anyone disagrees with my solution, please comment.  I run mine this way
> > and can always use constructive criticism.
> >
> > "Perry Taylor" <perryft at cais.net> wrote in message
> > news:947svi$566 at pub3.rc.vix.com...
> > > I'm fairly new at DNS administration and am at a loss to resolve a problem.
> > >
> > > We've got a Windows 2000 Server running AD.  Its name server is BIND
> > > 8.2.2-P5 running on RedHat 6.2.  We have enabled dynamic updates on the DNS
> > > and most all requests for updates from the Win2K DC seem to update correctly
> > > on the DNS with one exception:
> > >
> > >     "gc._msdcs.corp.domain.com."
> > >
> > > The DC logs the following error in the system event log...
> > >
> > > Event Type: Error
> > > Event Source: NETLOGON
> > > Event Category: None
> > > Event ID: 5774
> > > Date:  1/18/2001
> > > Time:  2:44:08 PM
> > > User:  N/A
> > > Computer: HERMAN
> > > Description:
> > > Registration of the DNS record 'gc._msdcs.corp.cdsi.com. 600 IN A
> > > 192.168.0.2' failed with the following error:
> > > DNS server unable to interpret format.
> > > Data:
> > > 0000: 29 23 00 00               )#..
> > >
> > > All other requests for updates appear successful, how do I determine if this
> > > is a problem with BIND or with the request sent by the DC?
> > >
> > > Thanks.
> > >
> > > --
> > > Perry Taylor
> > > Canyon Data Solutions, Inc.
> 
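
The two approaches weighed in this thread, written out as a BIND 8 named.conf fragment (an added example, not configuration posted by anyone in the thread). The ACL name, directory, file names and the /24 in the commented-out variant are assumptions; 192.168.0.2 is the address from the quoted event log, assumed here to be the DC.

```conf
// Constructed example. "dcs", the directory and the file names are hypothetical.
acl "dcs" { 192.168.0.2; };   // DC address (assumed, from the quoted event log)

// Broad variant, shown for comparison only: name checking is relaxed for
// every master zone and updates may land anywhere in the parent zone.
//
//   options { check-names master ignore; };
//   zone "company.com" {
//       type master; file "db.company.com";
//       allow-update { 192.168.0.0/24; };   // constructed range
//   };

// Scoped variant: the parent zone is static and keeps default name checking.
options {
    directory "/var/named";
};

zone "company.com" {
    type master;
    file "db.company.com";    // carries NS delegations for the four subzones
    allow-update { none; };
};

// Only the four Active Directory subzones accept dynamic updates, and only
// from the DC list. An address ACL is only as strong as the trust placed in
// source addresses on this network segment.
zone "_msdcs.company.com" {
    type master;
    file "db._msdcs.company.com";
    allow-update { dcs; };
    check-names ignore;       // the failing gc._msdcs A record has an underscore label
};

zone "_sites.company.com" {
    type master; file "db._sites.company.com"; allow-update { dcs; };
};

zone "_tcp.company.com" {
    type master; file "db._tcp.company.com"; allow-update { dcs; };
};

zone "_udp.company.com" {
    type master; file "db._udp.company.com"; allow-update { dcs; };
};
```

Each subzone file needs its own SOA and NS records before the DC's first update is accepted.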



