BIND 9.2.1 acting as DNS for Win2k Active Directory

Mark_Andrews at isc.org
Mon Dec 9 01:45:11 UTC 2002


> Ok, I have made the changes you said,
> 
> Here are the config files now
> 
> ---------------------------------------------------------------------------
> [root at Alderaan named]# cat /etc/named.conf
> // BIND configuration file
> 
> 
> options {
> forwarders { 24.31.3.8; };
>                 directory "/var/named";
> };
> 
> 
> //#####################################################
> //           Information for empire.intranet
> //#####################################################
> zone "empire.intranet" in {
>    type master;
>    file "empire.intranet.zone";
>    allow-update { any; };
> };
> 
> zone "_msdcs.empire.intranet" {
>    type master;
>    file "_msdcs.empire.intranet.zone";
>    allow-update { any; };
> };
> 
> zone "_sites.empire.intranet" {
>    type master;
>    file "_sites.empire.intranet.zone";
>    allow-update { any; };
> };
> 
> zone "_tcp.empire.intranet" {
>    type master;
>    file "_tcp.empire.intranet.zone";
>    allow-update { any; };
> };
> 
> zone "_udp.empire.intranet" {
>    type master;
>    file "_tcp.empire.intranet.zone";
>    allow-update { any; };
> };
> 
> 
> // ##############################
> // ### Localhost setup
> // ##############################
> 
> zone "0.0.127.in-addr.arpa"   in {
>    type master;
>    file "db.127.0.0";
>    allow-update { any; };
> };
> 
> zone "1.168.192.in-addr.arpa"  in {
>    type master;
>    file "1.168.192.in-addr.arpa.zone";
>    allow-update { any; };
> };
> 
> // ##############################
> // ### Cache file setup
> // ##############################
> 
> zone "."   in {
>    type hint;
>    file "named.ca";
> };
> ---------------------------------------------------------------------------
> [root at Alderaan named]# cat empire.intranet.zone
> $ORIGIN empire.intranet.
> $TTL 86400      ; 1 day
> @       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>                                 103         ; serial
>                                 10800      ; refresh (3 hours)
>                                 3600       ; retry (1 hour)
>                                 604800     ; expire (1 week)
>                                 86400      ; minimum (1 day)
>                                 )
> Alderaan.empire.intranet. IN A 192.168.1.102
> empire.intranet.        IN NS Alderaan.empire.intranet.
> _msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
> _sites.empire.intranet. IN NS Alderaan.empire.intranet.
> _tcp.empire.intranet.   IN NS Alderaan.empire.intranet.
> _udp.empire.intranet.   IN NS Alderaan.empire.intranet.
> ---------------------------------------------------------------------------
> [root at Alderaan named]# cat _msdcs.empire.intranet.zone
> $ORIGIN _msdcs.empire.intranet.
> $TTL 86400      ; 1 day
> @               IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>                                 103         ; serial
>                                 10800      ; refresh (3 hours)
>                                 3600       ; retry (1 hour)
>                                 604800     ; expire (1 week)
>                                 86400      ; minimum (1 day)
>                                 )
> IN NS   Alderaan.empire.intranet.
> ---------------------------------------------------------------------------
> 
> I reran the dcpromo and I'm still getting the same problem
> 
> The SOA query for _ldap._tcp.dc._msdcs.empire.intranet to find the 
> primary DNS server returned:
>  DNS server failure.
> (error code 0x0000232A "RCODE_SERVER_FAILURE")

	What errors are being reported by the nameserver when you
	load the zones?

	Note there should be white space before the "IN" above or the
	server will read the line as delegating a zone called
	"IN._msdcs.empire.intranet".  White space at the beginning of
	a record says "inherit the name from the previous record".

	Mark
> 
> Mark_Andrews at isc.org wrote:
> 
> >>--------------------------------------------------------------------------
> >>[root at Alderaan named]# cat empire.intranet.zone
> >>$ORIGIN .
> >>$TTL 86400      ; 1 day
> >>@       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
> >>                                 101         ; serial
> >>                                 10800      ; refresh (3 hours)
> >>                                 3600       ; retry (1 hour)
> >>                                 604800     ; expire (1 week)
> >>                                 86400      ; minimum (1 day)
> >>                                 )
> >>Alderaan.empire.intranet. IN A 192.168.1.102
> >>_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
> >>_sites.empire.intranet. IN NS Alderaan.empire.intranet.
> >>_tcp.empire.intranet.   IN NS Alderaan.empire.intranet.
> >>_udp.empire.intranet.   IN NS Alderaan.empire.intranet.
> >>
> >>---------------------------------------------------------------------------
> >>    
> >>
> >
> >	Well it helps if the $ORIGIN was "empire.intranet" rather than
> >	".".  That way @ would expand to "empire.intranet" rather than
> >	".".
> >
> >	Also you need NS records for the zone.
> >	
> >	The nameserver would have logged messages like:
> >
> >empire.intranet.zone:3: ignoring out-of-zone data (.)
> >zone empire.intranet/IN: could not find NS and/or SOA records
> >zone empire.intranet/IN: has 0 SOA records
> >zone empire.intranet/IN: has no NS records
> >
> >  
> >
> >>ALL OF MY "_"subzones have this same config, I will show _msdcs for 
> >>debugging
> >>
> >>[root at Alderaan named]# cat _msdcs.empire.intranet.zone
> >>$ORIGIN .
> >>$TTL 86400      ; 1 day
> >>@               IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
> >>                                 100         ; serial
> >>                                 10800      ; refresh (3 hours)
> >>                                 3600       ; retry (1 hour)
> >>                                 604800     ; expire (1 week)
> >>                                 86400      ; minimum (1 day)
> >>                                 )
> >>IN NS   Alderaan.empire.intranet.
> >>    
> >>
> >
> >	Similar $ORIGIN problem here.
> >
> >  
> >
> >>If we can find out what is going on here, I plan on writing up a nice 
> >>HOWTO and including it in the Windows .Net 2003 Beta groups I'm on.
> >>
> >>As well as providing it to the general public
> >>
> >>
> >>Thanks
> >>
> >>Donnie Cranford
> >>    
> >>
> >--
> >Mark Andrews, Internet Software Consortium
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
> >
> >
> >  
> >
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
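
The owner-name rules discussed in this thread ($ORIGIN expansion of "@", inheriting the owner when a record starts with white space, and out-of-zone data being ignored) can be checked with a small linter. This is an added example, not part of the original messages and not BIND's own parser; the function names, the simplified master-file handling and the sample zone text (constructed from the _msdcs file quoted above) are assumptions.

```python
CLASSES = {"IN", "CH", "HS"}
TYPES = {"A", "NS", "SOA", "MX", "SRV", "CNAME", "PTR", "TXT"}

def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def lint_zone(text, zone):
    """Return (records, warnings); records are (owner, type) pairs kept in the zone."""
    zone = zone.lower().rstrip(".") + "."
    origin, owner, depth = zone, None, 0
    records, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # strip comments (simplified)
        inside_parens = depth > 0                 # continuation of a multi-line SOA
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if inside_parens or not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1].lower(), origin)
            continue
        if line[0] not in " \t":                  # column 0: first field is an owner name
            if fields[0].upper() in CLASSES | TYPES:
                warnings.append(f"line {lineno}: owner '{fields[0]}' is a class/type keyword; missing leading white space?")
            owner, fields = absolute(fields[0].lower(), origin), fields[1:]
        elif owner is None:                       # leading white space, nothing to inherit
            raise ValueError(f"line {lineno}: no owner name to inherit")
        rtype = next((f.upper() for f in fields if f.upper() in TYPES), "?")
        if owner != zone and not owner.endswith("." + zone):
            warnings.append(f"line {lineno}: ignoring out-of-zone data ({owner})")
            continue
        records.append((owner, rtype))
    for needed in ("SOA", "NS"):
        if (zone, needed) not in records:
            warnings.append(f"zone {zone} has no {needed} records at its apex")
    return records, warnings

# Constructed sample modelled on the _msdcs zone file quoted in the thread.
BROKEN = """$ORIGIN _msdcs.empire.intranet.
$TTL 86400
@   IN SOA Alderaan.empire.intranet. postmaster.empire.intranet. (
        103 10800 3600 604800 86400 )
IN NS Alderaan.empire.intranet.
"""
FIXED = BROKEN.replace("\nIN NS", "\n    IN NS")  # white space: inherit owner from "@"
```

Running lint_zone(BROKEN, "_msdcs.empire.intranet") reports the NS record under the owner in._msdcs.empire.intranet. and an apex with no NS records; the FIXED text produces no warnings.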

