BIND 9.2.1 acting as DNS for Win2k Active Directory

Matthias Stapf m.stapf at t-online.de
Sun Dec 8 16:41:16 UTC 2002



Hi,

I have a serious problem: I want my DNS server, running on Linux, to accept
dynamic updates from my Win2k domain controller during the DCPROMO setup. I
have configured named.conf to let the Windows box perform the updates that
Active Directory needs. The named.conf looks like this:

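# Logging: one file channel for every category. The first line was
# truncated to "ogging" in the listing; the statement is "logging".
logging {
        # Everything at severity info and above goes to /var/log/named,
        # stamped with time, category and severity so the "update" and
        # "security" lines can be picked out while debugging the
        # Windows dynamic-update failures.
        channel logfile {
                file "/var/log/named";
                print-time yes;
                severity info;
                print-category yes;
                print-severity yes;
        };
        category "default"              { "logfile"; };
        category "general"              { "logfile"; };
        category "database"             { "logfile"; };
        # Config errors and outbound transfers are also copied to syslog.
        category "config"               { "logfile"; "default_syslog"; };
        category "resolver"             { "logfile"; };
        category "client"               { "logfile"; };
        category "network"              { "logfile"; };
        # Logs every query received (one info line each) -- useful for the
        # debugging shown below, but expect a large file on a busy server.
        category "queries"              { "logfile"; };
        category "update"               { "logfile"; };
        category "xfer-in"              { "logfile"; };
        category "xfer-out"             { "logfile"; "default_syslog"; };
        category "notify"               { "logfile"; };
        category "security"             { "logfile"; };
        category "lame-servers"         { "logfile"; };
        category "dispatch"             { "logfile"; };
        category "dnssec"               { "logfile"; };
};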


acl dns-srv { 192.168.200.22; 192.168.200.8; 192.168.200.10; 192.168.0.3; };

acl w2k-dc { 192.168.200.201; 0.0.0.0; 192.168.200.200; };

options {
        directory "/var/named/";

        # Listen on loopback and the LAN address only; nothing else can
        # reach this named at all.
        listen-on port 53 { 127.0.0.1; 192.168.200.200; };
        #listen-on-v6 { any; };

        # Off-zone lookups are sent to the upstream resolver; with no
        # "forward" statement BIND uses "forward first", i.e. it falls
        # back to iterative resolution if the forwarder does not answer.
        forwarders { 192.168.200.22; };
        #forward first;
        recursion yes;
        # NOTE(review): no allow-query / allow-recursion is set, so every
        # host that can reach the listen-on addresses may use this server
        # as a recursive resolver. Acceptable on a closed LAN; confirm
        # that is the situation.
        #allow-query { 127.0.0.1; };

        # Server-wide transfer and NOTIFY defaults; the zone statements
        # below repeat them explicitly.
        allow-transfer { dns-srv; w2k-dc; };
        notify yes;

        # Left disabled by the author.
        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;
        #check-names master ignore;
        #auth-nxdomain yes;
};

# Authoritative for the loopback forward name.
zone "localhost" IN {
        file "localhost.zone";
        type master;
};

# Reverse zone for 127.0.0.0/24 (loopback).
zone "0.0.127.in-addr.arpa" IN {
        file "db.127.0.0";
        type master;
};

# You can insert further zone records for your own domains below.

# Root hints, used when recursion has to go iterative (see forwarders).
zone "." IN {
        file "db.root";
        type hint;
};

# The Active Directory forward zone. The DC registers its SRV/A records
# here via dynamic update; the _msdcs/_tcp/_udp/_sites names live inside
# this zone, so no separate sub-zones are required for that.
# The "'name not in use' prerequisite not satisfied (YXDOMAIN)" line in
# the log means the DC sent an update that required a name to be absent
# and it already existed; presumably the DC retries without that
# prerequisite -- check the zone/journal to confirm the records land.
# allow-update is gated purely on source IP (acl w2k-dc); see the note
# on that acl.
zone "test.rhe.womit.com" IN {
        file "test.rhe.womit.com";
        type master;
        allow-update { w2k-dc; };
        allow-transfer { dns-srv; w2k-dc; };
        notify yes;
};

# Reverse zone for 192.168.200.0/24, also updatable by the DC so it can
# register PTR records. Same IP-only update gate as the forward zone.
zone "200.168.192.in-addr.arpa" IN {
        file "192.168.200.rev";
        type master;
        allow-update { w2k-dc; };
        allow-transfer { dns-srv; w2k-dc; };
        notify yes;
};

#zone "_udp.test.rhe.womit.com" IN {
#        type master;
#        file "_udp.test";
#        allow-transfer { dns-srv; w2k-dc; };
#        allow-update { w2k-dc; };
#};

#zone "_tcp.test.rhe.womit.com" IN {
#        type master;
#        file "_tcp.test";
#        allow-transfer { dns-srv; w2k-dc; };
#        allow-update { w2k-dc; };
#};

#zone "_sites.test.rhe.womit.com" IN {
#        type master;
#        file "_sites.test";
#        allow-transfer { dns-srv; w2k-dc; };
#        allow-update { w2k-dc; };
#};

#zone "_msdcs.test.rhe.womit.com" IN {
#        type master;
#        file "_msdcs.test";
#        allow-transfer { dns-srv; w2k-dc; };
#        allow-update { w2k-dc; };
#};

# Parent domain is served elsewhere: hand every query for it to the
# upstream resolver and never resolve it iteratively ourselves.
zone "rhe.womit.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.200.22; };
};

The current ZoneFile for test.rhe.womit.com looks like this:

[root at linux named]# cat test.rhe.womit.com
; Zone test.rhe.womit.com as currently written out by named. Because the
; zone accepts dynamic updates, named rewrites this file (and keeps a .jnl
; journal); hand edits while named is running are presumably overwritten,
; so stop named and bump the serial before editing by hand.
$ORIGIN test.rhe.womit.com.
$TTL 86400      ; 1 day
; SOA: primary is linux.test.rhe.womit.com. The contact mailbox is written
; as "root." (root@ with an empty domain) -- presumably meant
; root.linux.test.rhe.womit.com.; confirm when next editing.
@       86400   IN SOA  linux.test.rhe.womit.com. root. (
                        2002120712 ; serial
                        600        ; refresh (10 minutes)
                        300        ; retry (5 minutes)
                        604800     ; expire (1 week)
                        86400      ; minimum (1 day)
                        )
@       86400   IN NS   linux.test.rhe.womit.com.
; Apex A record points at the Windows DC (.201), not at the name server
; (.200); this is the kind of record the DC registers for itself.
@       86400   IN A    192.168.200.201
bindw2k 1200    IN A    192.168.200.201
linux   86400   IN A    192.168.200.200

Every time I start dcpromo.exe and enter the full DNS name for the new AD
tree, I get the following messages in /var/log/named:

Dec 08 17:37:03.698 queries: info: client 192.168.200.201#1095: query:
_ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
Dec 08 17:37:03.705 queries: info: client 192.168.200.201#1096: query:
_ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
Dec 08 17:37:06.710 queries: info: client 192.168.200.201#1097: query:
_ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
Dec 08 17:37:06.728 queries: info: client 192.168.200.201#1098: query:
_ldap._tcp.dc._msdcs.test IN SRV
Dec 08 17:37:15.537 queries: info: client 192.168.200.201#1099: query:
test.rhe.womit.com IN SOA
Dec 08 17:37:15.542 update: info: client 192.168.200.201#1100: updating zone
'test.rhe.womit.com/IN': update failed: 'name not in use' prerequisite not
satisfied (YXDOMAIN)

What is wrong in my config, and what can I do to get rid of this message? If I
run ipconfig /registerdns, a corresponding entry for the machine is created,
but if I start dcpromo I get a message that the zone update has failed.

Can anyone help me

Thanx in advance

Matthias Stapf



