BIND 9.2.1 acting as DNS for Win2k Active Directory
Cricket Liu
cricket at menandmice.com
Sun Dec 8 22:48:40 UTC 2002
Matthias Stapf wrote:
> I have a serious problem: I want to configure my DNS server, running on
> Linux, to be updated by my Win2k Domain Controller during the DCPROMO
> setup. I've configured named.conf to let the Windows box do the
> updates needed for Active Directory. The named.conf looks like this:
>
> logging {
> channel logfile {
> file "/var/log/named";
> print-time yes;
> severity info;
> print-category yes;
> print-severity yes;
> };
> category "default" { "logfile"; };
> category "general" { "logfile"; };
> category "database" { "logfile"; };
> category "config" { "logfile"; "default_syslog"; };
> category "resolver" { "logfile"; };
> category "client" { "logfile"; };
> category "network" { "logfile"; };
> category "queries" { "logfile"; };
> category "update" { "logfile"; };
> category "xfer-in" { "logfile"; };
> category "xfer-out" { "logfile"; "default_syslog"; };
> category "notify" { "logfile"; };
> category "security" { "logfile"; };
> category "lame-servers" { "logfile"; };
> category "dispatch" { "logfile"; };
> category "dnssec" { "logfile"; };
> };
You don't need to explicitly send all those different categories of
messages to "logfile" if you're already sending the default category
there.
> acl dns-srv { 192.168.200.22; 192.168.200.8; 192.168.200.10;
> 192.168.0.3; };
>
> acl w2k-dc { 192.168.200.201; 0.0.0.0; 192.168.200.200; };
Why is 0.0.0.0 in the ACL?
> zone "test.rhe.womit.com" IN {
> type master;
> file "test.rhe.womit.com";
> notify yes;
> allow-transfer { dns-srv; w2k-dc; };
> allow-update { w2k-dc; };
> };
>
> The current ZoneFile for test.rhe.womit.com looks like this:
>
> [root at linux named]# cat test.rhe.womit.com
> $ORIGIN .
> $TTL 86400 ; 1 day
> test.rhe.womit.com IN SOA linux.test.rhe.womit.com. root. (
> 2002120712 ; serial
> 600 ; refresh (10 minutes)
> 300 ; retry (5 minutes)
> 604800 ; expire (1 week)
> 86400 ; minimum (1 day)
> )
Your zone's RNAME field ("root.") is wrong, and the refresh and
retry values are a little low. None of this is causing the error, though.
> NS linux.test.rhe.womit.com.
> A 192.168.200.201
> $ORIGIN test.rhe.womit.com.
> $TTL 1200 ; 20 minutes
> bindw2k A 192.168.200.201
> $TTL 86400 ; 1 day
> linux A 192.168.200.200
>
> Every time I start dcpromo.exe and enter the full DNS name for
> the new AD tree, I get the following messages in /var/log/named:
>
> Dec 08 17:37:03.698 queries: info: client 192.168.200.201#1095: query:
> _ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
> Dec 08 17:37:03.705 queries: info: client 192.168.200.201#1096: query:
> _ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
> Dec 08 17:37:06.710 queries: info: client 192.168.200.201#1097: query:
> _ldap._tcp.dc._msdcs.test.rhe.womit.com IN SRV
> Dec 08 17:37:06.728 queries: info: client 192.168.200.201#1098: query:
> _ldap._tcp.dc._msdcs.test IN SRV
> Dec 08 17:37:15.537 queries: info: client 192.168.200.201#1099: query:
> test.rhe.womit.com IN SOA
This is all fine so far.
> Dec 08 17:37:15.542 update: info: client 192.168.200.201#1100:
> updating zone 'test.rhe.womit.com/IN': update failed: 'name not in
> use' prerequisite not satisfied (YXDOMAIN)
This error is probably caused by the DC trying to add an A RR for
test.rhe.womit.com, which already has an A RR. This shouldn't be
causing a problem, but if you'd like to prevent the DC from even
trying to add the A RR, see Recipe 8.8 of the Cookbook or Microsoft
Knowledge Base article Q246804 (hint: you're looking for
RegisterDNSARecords).
cricket
Men & Mice
DNS Software, Training and Consulting
www.menandmice.com
The DNS and BIND Cookbook, now available!
http://www.oreilly.com/catalog/dnsbindckbk/
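Added illustration, not part of Cricket's reply or of BIND itself: how the RFC 2136 prerequisite a Win2k DC sends ("name is not in use") evaluates against an in-memory copy of the zone quoted above, producing the YXDOMAIN seen in the log. The ZONE dictionary, check_prerequisite and dc_registration_outcome are constructed for this example.

```python
# RFC 2136 section 3.2 prerequisite evaluation, modelled on the failing
# update in the log above. Zone contents and the checker are constructed
# for this illustration, not taken from BIND.

# Constructed in-memory copy of test.rhe.womit.com (owner -> {type -> rdata set}).
ZONE = {
    "test.rhe.womit.com.": {
        "SOA": {"linux.test.rhe.womit.com. root. 2002120712 600 300 604800 86400"},
        "NS": {"linux.test.rhe.womit.com."},
        "A": {"192.168.200.201"},
    },
    "bindw2k.test.rhe.womit.com.": {"A": {"192.168.200.201"}},
    "linux.test.rhe.womit.com.": {"A": {"192.168.200.200"}},
}


def check_prerequisite(zone, name, rclass, rtype, rdata=None):
    """Return the RCODE one RFC 2136 prerequisite RR produces against `zone`.

    The prerequisite forms (RFC 2136 section 2.4) are encoded in CLASS/TYPE:
      ANY/ANY    name is in use           -> NXDOMAIN if absent
      ANY/T      RRset T exists           -> NXRRSET if absent
      NONE/ANY   name is not in use       -> YXDOMAIN if present
      NONE/T     RRset T does not exist   -> YXRRSET if present
      IN/T+rdata RRset T equals rdata     -> NXRRSET on mismatch
    """
    rrsets = zone.get(name, {})
    if rclass == "ANY":
        if rtype == "ANY":
            return "NOERROR" if rrsets else "NXDOMAIN"
        return "NOERROR" if rtype in rrsets else "NXRRSET"
    if rclass == "NONE":
        if rtype == "ANY":
            return "YXDOMAIN" if rrsets else "NOERROR"
        return "NOERROR" if rtype not in rrsets else "YXRRSET"
    # Value-dependent form: the zone's RRset must match the prerequisite exactly.
    return "NOERROR" if rrsets.get(rtype) == set(rdata or ()) else "NXRRSET"


def dc_registration_outcome(zone, name):
    """Outcome of a DC-style 'add only if the name is unused' update for `name`."""
    return check_prerequisite(zone, name, "NONE", "ANY")


if __name__ == "__main__":
    # The apex already holds SOA/NS/A, so the DC's prerequisite fails exactly as logged.
    print("apex:", dc_registration_outcome(ZONE, "test.rhe.womit.com."))
    # An SRV owner from the queries in the log that is not yet registered passes.
    print("srv :", dc_registration_outcome(ZONE, "_ldap._tcp.dc._msdcs.test.rhe.womit.com."))
```

Since the apex already has an A RR (plus SOA and NS), any record the DC tries to add there with that prerequisite is refused, which is why the answer above points at RegisterDNSARecords rather than at the zone or the ACL.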