BIND 9.2.1 acting as DNS for Win2k Active Directory

Donnie Cranford mozilla at attbi.com
Mon Dec 9 00:26:59 UTC 2002


I also am trying to get BIND 9.2.1 working with AD but on Windows .Net 2003

But when I run dcpromo and it tries to integrate I get the following 
error message

The SOA query for _ldap._tcp.dc._msdcs.empire.intranet to find the 
primary DNS server returned:
  DNS server failure.
(error code 0x0000232A "RCODE_SERVER_FAILURE"


I see nothing strange in /var/log/messages

I will provide my config files for debug purposes.....

BTW, I have purchased the BIND Cookbook and I'm using Cricket's _msdcs and 
the other 3 subdomains technique.


----------------------------------------------------------------------

/etc/named.conf

[root@Alderaan named]# cat /etc/named.conf
// BIND configuration file


options {
forwarders { 24.31.3.8; };
                 directory "/var/named";
};


//#####################################################
//           Information for empire.intranet
//#####################################################
zone "empire.intranet" in {
    type master;
    file "empire.intranet.zone";
    allow-update { any; };
};

zone "_msdcs.empire.intranet" {
    type master;
    file "_msdcs.empire.intranet.zone";
    allow-update { any; };
};

zone "_sites.empire.intranet" {
    type master;
    file "_sites.empire.intranet.zone";
    allow-update { any; };
};

zone "_tcp.empire.intranet" {
    type master;
    file "_tcp.empire.intranet.zone";
    allow-update { any; };
};

zone "_udp.empire.intranet" {
    type master;
    file "_tcp.empire.intranet.zone";
    allow-update { any; };
};


// ##############################
// ### Localhost setup
// ##############################

zone "0.0.127.in-addr.arpa"   in {
    type master;
    file "db.127.0.0";
    allow-update { any; };
};

zone "1.168.192.in-addr.arpa"  in {
    type master;
    file "1.168.192.in-addr.arpa.zone";
    allow-update { any; };
};

// ##############################
// ### Cache file setup
// ##############################

zone "."   in {
    type hint;
    file "named.ca";
};

--------------------------------------------------------------------------
[root@Alderaan named]# cat empire.intranet.zone
$ORIGIN .
$TTL 86400      ; 1 day
@       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
                                 101         ; serial
                                 10800      ; refresh (3 hours)
                                 3600       ; retry (1 hour)
                                 604800     ; expire (1 week)
                                 86400      ; minimum (1 day)
                                 )
Alderaan.empire.intranet. IN A 192.168.1.102
_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
_sites.empire.intranet. IN NS Alderaan.empire.intranet.
_tcp.empire.intranet.   IN NS Alderaan.empire.intranet.
_udp.empire.intranet.   IN NS Alderaan.empire.intranet.

---------------------------------------------------------------------------

ALL OF MY "_"subzones have this same config, I will show _msdcs for 
debugging

[root@Alderaan named]# cat _msdcs.empire.intranet.zone
$ORIGIN .
$TTL 86400      ; 1 day
@               IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
                                 100         ; serial
                                 10800      ; refresh (3 hours)
                                 3600       ; retry (1 hour)
                                 604800     ; expire (1 week)
                                 86400      ; minimum (1 day)
                                 )
IN NS   Alderaan.empire.intranet.


If we can find out what is going on here, I plan on writing up a nice 
HOWTO and including it in the Windows .Net 2003 Beta groups I'm on,

as well as providing it to the general public.


Thanks

Donnie Cranford




Mark_Andrews at isc.org wrote:
>>>Dec 08 17:37:15.542 update: info: client 192.168.200.201#1100:
>>>updating zone 'test.rhe.womit.com/IN': update failed: 'name not in
>>>use' prerequisite not satisfied (YXDOMAIN)
>>
>>This error is probably caused by the DC trying to add an A RR for
>>test.rhe.womit.com, which already has an A RR.  This shouldn't be
>>causing a problem, but if you'd like to prevent the DC from even
>>trying to add the A RR, see Recipe 8.8 of the Cookbook or Microsoft
>>Knowledge Base article Q246804 (hint:  you're looking for
>>RegisterDNSARecords).
> 
> 
> 	Cricket, you know that it is not an error.  We have to be
> 	consistent in the education process and say that it is a
> 	negative response indicating the prerequisite part was not
> 	met and that the update was conditional on the prerequisite
> 	part being met.
> 
> 	Mark
> 
> 
>>cricket
>>
>>Men & Mice
>>DNS Software, Training and Consulting
>>www.menandmice.com
>>
>>The DNS and BIND Cookbook, now available!
>>http://www.oreilly.com/catalog/dnsbindckbk/
>>
>>
> 
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
> 
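
An added example, not part of the original post or the BIND distribution: a small audit of `named.conf` zone blocks like the ones quoted above. It flags master zones whose `allow-update` list contains `any` (any client that can reach the server may send dynamic updates) and zone files referenced by more than one master zone, as the `_udp` and `_tcp` blocks in the post are. The sample text is constructed from the post's config, and the parser assumes simple blocks that close with `};` on their own line.

```python
import re
from collections import defaultdict

# Constructed sample: three of the zone blocks from the post, plus the hint zone.
SAMPLE_CONF = '''
zone "empire.intranet" in {
    type master;
    file "empire.intranet.zone";
    allow-update { any; };
};
zone "_tcp.empire.intranet" {
    type master;
    file "_tcp.empire.intranet.zone";
    allow-update { any; };
};
zone "_udp.empire.intranet" {
    type master;
    file "_tcp.empire.intranet.zone";
    allow-update { any; };
};
zone "." in {
    type hint;
    file "named.ca";
};
'''
ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+in)?\s*\{(.*?)\n\};', re.S | re.I)

def parse_zones(conf):
    """Map zone name -> type, file and allow-update entries (simple blocks only)."""
    conf = re.sub(r'//[^\n]*', '', conf)  # drop // comments
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        field = lambda pat: (re.search(pat, body) or [None, None])[1]
        acl = field(r'allow-update\s*\{([^}]*)\}') or ''
        zones[name] = {'type': field(r'type\s+(\w+)\s*;'),
                       'file': field(r'file\s+"([^"]+)"\s*;'),
                       'allow_update': [t.strip() for t in acl.split(';') if t.strip()]}
    return zones

def audit(zones):
    """Flag master zones open to any updater, and zone files used by several zones."""
    findings, by_file = [], defaultdict(list)
    for name, z in zones.items():
        if z['type'] != 'master':
            continue  # hint/slave zones take no dynamic updates from this config
        if 'any' in z['allow_update']:
            findings.append(('open-update', (name,)))
        by_file[z['file']].append(name)
    findings += [('shared-file', tuple(sorted(n))) for n in by_file.values() if len(n) > 1]
    return findings
```

In BIND 9, `allow-update` takes an address match list, so replacing `any` with the domain controllers' addresses or a TSIG key name clears the first finding.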

