Bind 9.2.2 integration with AD
Barry Finkel
b19141 at achilles.ctd.anl.gov
Tue Jul 22 14:38:50 UTC 2003
>Brad Daut <dautb at exchange.nku.edu> wrote (in part):
>
>I have been having problems getting my Windows 2003 DC to write its SRV
>records to my Bind 9.2.2 server. I do have bind set up to do ddns because I
>have my test dhcp clients write to a specific zone, but somehow windows 2003
>AD can't write to it. Any suggestions would really be appreciated. I have
>also added the eventlog errors as an attachment.
>
>Here is my named.conf file:
>#######################
>begin named.conf
>#######################
>acl "win2kdcs" {
> 10.0.0.3;
> 10.0.0.4;
> 10.0.0.16;
>
>};
>
>options {
> directory "/var/named";
> notify yes;
> // query-source address * port 53;
>};
>
>key DHCP_UPDATER {
> algorithm HMAC-MD5.SIG-ALG.REG.INT;
> secret somekey;
>};
>
>zone "." IN {
> type hint;
> file "named.ca";
>};
>
>zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
>};
>
>zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "named.local";
> allow-update { none; };
>};
>
>zone "nku.edu" IN {
> type master;
> file "nku.edu";
> allow-update { none; };
>};
>
>zone "10.in-addr.arpa" IN {
> type master;
> file "10.in-addr.arpa";
> allow-update { none; };
>};
>
>zone "dhcp.nku.edu" {
> type master;
> file "dhcp.nku.edu";
> allow-update { key DHCP_UPDATER; };
>};
>
>zone "dhcp.in-addr.arpa" {
> type master;
> file "dhcp.in-addr.arpa";
> allow-update { key DHCP_UPDATER; };
>};
>
>//Windows 2000 AD zones
>zone "_sites.nku.edu" {
> type master;
> file "ad/_sites.nku.edu";
> allow-update { win2kdcs; };
>};
>
>zone "_msdcs.nku.edu" {
> type master;
> file "ad/_msdcs.nku.edu";
> allow-update { win2kdcs; };
>};
>
>zone "_tcp.nku.edu" {
> type master;
> file "ad/_tcp.nku.edu";
> allow-update { win2kdcs; };
>};
>
>zone "_udp.nku.edu" {
> type master;
> file "ad/_udp.nku.edu";
> allow-update { win2kdcs; };
>};
A few comments:

1) I do not understand this zone:

   zone "dhcp.in-addr.arpa" {
    type master;
    file "dhcp.in-addr.arpa";
    allow-update { key DHCP_UPDATER; };
   };

If it is a reverse zone (for example, for the A.B.C.x subnet),
then its name should be

   C.B.A.in-addr.arpa

But this is not part of your SRV problem.

2) Do you have the eventID numbers? You gave the texts, which imply
that the DDNS updates failed. I see nothing obviously wrong with
your configuration. You may need to run a sniffer on the BIND box
to capture the DNS packets and see exactly what is being sent to
BIND and what BIND returns back to the W2k box.

I have no experience with Windows 2003 (nor is there a consistent
shortcut name for it), so I do not know if your problem is due to some
new code in W2003.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
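As an added example (not code from this thread, from either poster, or from ISC BIND), the script below audits a named.conf of the kind quoted above. It parses the acl, key and zone statements, resolves each zone's allow-update list through the named ACLs, and reports whether updates are disabled, TSIG-keyed, or authorised by source address only (the win2kdcs case, where nothing cryptographic ties an update to a DC), flags allow-update entries that name a key the file never defines, and checks the point raised in comment 1: that an in-addr.arpa zone name is made of reversed octets. The embedded configuration is a constructed, trimmed copy of the one in the quoted message; the parser understands only the syntax seen there (no /* */ comments, no include), and the NOTE texts and mode names are this example's own.

```python
"""Audit dynamic-update policy in a BIND named.conf (added example, not from this
thread or from ISC BIND). Handles only the syntax used in the quoted config:
acl, key, options and zone statements, with // and # line comments."""
import re

# Constructed sample: a trimmed copy of the configuration quoted in the thread.
SAMPLE_CONF = """
acl "win2kdcs" { 10.0.0.3; 10.0.0.4; 10.0.0.16; };
options { directory "/var/named"; }; // query-source left at default
key DHCP_UPDATER { algorithm HMAC-MD5.SIG-ALG.REG.INT; secret somekey; };
zone "nku.edu" IN { type master; file "nku.edu"; allow-update { none; }; };
zone "dhcp.nku.edu" { type master; file "dhcp.nku.edu"; allow-update { key DHCP_UPDATER; }; };
zone "dhcp.in-addr.arpa" { type master; file "dhcp.in-addr.arpa"; allow-update { key DHCP_UPDATER; }; };
zone "_msdcs.nku.edu" { type master; file "ad/_msdcs.nku.edu"; allow-update { win2kdcs; }; };
"""
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
NOTE = {"any": "any host may update this zone",
        "address": "updates authorised by source address only; no proof of origin"}

def tokenize(text: str) -> list[str]:
    """Split named.conf text into tokens, dropping // and # line comments."""
    tokens = []
    for line in text.splitlines():
        line = re.split(r"//|#", line, maxsplit=1)[0]
        tokens.extend(t.strip('"') for t in TOKEN_RE.findall(line))
    return tokens

def parse_block(tokens: list[str], i: int) -> tuple[list, int]:
    """Parse tokens[i] == '{' to its matching '}'; return (statements, next index).
    A statement is a token list in which a nested block appears as a sub-list."""
    i += 1
    stmts, cur = [], []
    while tokens[i] != "}":
        if tokens[i] == "{":
            sub, i = parse_block(tokens, i)
            cur.append(sub)
            continue
        if tokens[i] == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tokens[i])
        i += 1
    return stmts, i + 1

def expand(entries: list, acls: dict) -> list[tuple[str, str]]:
    """Flatten an address-match list into (kind, value) pairs, following named ACLs."""
    out = []
    for e in entries:
        if e[0] == "key":
            out.append(("key", e[1]))
        elif e[0] in acls:
            out.extend(expand(acls[e[0]], acls))
        elif e[0] in ("any", "none", "localhost", "localnets"):
            out.append(("builtin", e[0]))
        else:
            out.append(("addr", e[0]))  # address or prefix, possibly negated with '!'
    return out

def valid_reverse_name(zone: str) -> bool:
    """True for N.in-addr.arpa up to N.N.N.N.in-addr.arpa with every N an octet."""
    labels = zone[: -len(".in-addr.arpa")].split(".")
    return 1 <= len(labels) <= 4 and all(x.isdigit() and int(x) <= 255 for x in labels)

def audit(conf: str) -> dict[str, dict]:
    """Return {zone: {"update": mode, "members": [...], "warnings": [...]}}."""
    stmts, _ = parse_block(["{"] + tokenize(conf) + ["}"], 0)
    acls, keys, zones = {}, set(), {}
    for s in stmts:
        if s[0] == "acl":
            acls[s[1]] = s[2]
        elif s[0] == "key":
            keys.add(s[1])
        elif s[0] == "zone":
            zones[s[1].lower()] = {st[0]: st[1:] for st in s[-1]}
    report = {}
    for name, body in zones.items():
        members = expand(body["allow-update"][0], acls) if "allow-update" in body else []
        if not members or members == [("builtin", "none")]:
            mode = "none"  # BIND's default: no dynamic updates accepted
        elif ("builtin", "any") in members:
            mode = "any"
        elif all(k == "key" for k, _ in members):
            mode = "key"  # TSIG-signed updates only
        else:
            mode = "address" if all(k != "key" for k, _ in members) else "mixed"
        warnings = [NOTE[mode]] if mode in NOTE else []
        warnings += [f"undefined key {v}" for k, v in members if k == "key" and v not in keys]
        if name.endswith(".in-addr.arpa") and not valid_reverse_name(name):
            warnings.append("not a valid reverse-zone name (expected reversed octets)")
        report[name] = {"update": mode, "members": members, "warnings": warnings}
    return report

if __name__ == "__main__":
    for zone, info in audit(SAMPLE_CONF).items():
        print(f"{zone:22} update={info['update']:8} {' | '.join(info['warnings'])}")
```

Run it against the real file by reading it into audit() instead of SAMPLE_CONF. On the sample it reports nku.edu as static, the two dhcp zones as key-authorised with dhcp.in-addr.arpa flagged as a malformed reverse-zone name, and _msdcs.nku.edu as address-authorised, which is what the source-address ACL for the DCs amounts to in BIND 9.2.2.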