bind-users Digest V6 #299

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Nov 12 15:14:20 UTC 2004


>> My replies to Norman Zhang
> Norman Zhang <norman.zhang at rd.arkonnetworks.com> replies to mine

>Thanks for your reply. The rndc key works fine. I think it has been 
>discussed here before, but I can't recall why. I've just added _msdcs, 
>_sites, _tcp, _udp zones to the already running named.conf. I tried 
>converting them to 192.168.22.0/24, but still couldn't update.

>> What are you trying to get AD to register?  The SRV and CNAME records
>> in the four/six "_" zones?  How have you set up these MS zones?  If
>> you have used AD-integrated with secure updates, then the MS security
>> model is not implemented in BIND, so the DDNS updates will fail.
>> If you are using non-secure updates, then this should work.

>The zone files are created and placed under /var/named/ with 
>uid.gid=named.named. This is a W2K3 box that just got upgraded from NT and is 
>trying to become a DC by registering AD entries in BIND. I don't think 
>it uses any secure updates. How do I check? I grep the log under 
>/var/log/, but couldn't find the denied activity. Is there a specific 
>entry that I should grep for?

>> If you are trying to get individual W2k/W2k+3 machines to register
>> themselves via DHCP, then I am not sure what the problem might be.
>> Are you having the DHCP server register both forwards and reverses?
>> If so, are both registrations failing? I am not a DHCP expert, and I
>> suggest finding a newsgroup for your DHCP software.

>My W2K3 has a static IP and it has already been entered in zone files. I 
>would like to enable it to update the SRV and CNAME entries in the "_" 
>zone files. DHCP so far has no problem registering PTR and A records for 
>IPs that it gives out. Do you see any conflicts with my config above?

A few things I can suggest.

1) Run a packet sniffer on the BIND box to see what packets are
   arriving.  Stop/start the Netlogon Service on the DC to force the
   DC to re-register its CNAME and SRV records.

2) Look for Event Log entries on the DC.  The Netlogon Service should
   produce events if something fails.

3) Ensure that self-registration is ENABLED for the DC.  If 
   self-registration is disabled on a DC, the Netlogon process will
   not attempt to register its CNAME and SRV records.  I have no idea
   why the MS code is written this way, as self-registration and
   CNAME/SRV record registrations are two different and unrelated DDNS
   activities.  I am not sure if this case will produce Event Log
   entries, as you have told the operating system not to do DDNS.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
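The two open questions in this exchange, "how do I check whether the DC is using secure updates" and "what does the sniffer on the BIND box need to show me", can both be answered from the wire. The following is an added example, not code from the thread or from BIND or Microsoft: it decodes a DNS UPDATE message (RFC 2136 layout) far enough to report the opcode, the zone being updated, the records in the update section, and whether a TSIG record (RFC 2845, the carrier for Microsoft's GSS-TSIG "secure" updates) is attached. It also extracts the client and zone from a named log line of the "update '.../IN' denied" shape. The zone and host names (example.com, dc1, dc1-key), the sample message bytes and the sample log line are all constructed for the example.

```python
import re
import struct

# Constructed example (not from the mailing-list thread): decode a DNS UPDATE
# message the way a sniffer on the BIND box would show it, and report whether
# it carries a TSIG signature, which is what a DC sends for "secure" updates.

OPCODE_UPDATE = 5
TYPE_SOA, TYPE_SRV, TYPE_TSIG = 6, 33, 250
CLASS_IN, CLASS_ANY = 1, 255


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels plus a root byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(struct.pack("!B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) or ".", (end if end is not None else off)


def parse_update(msg):
    """Return opcode, zone, UPDATE-section records and the TSIG algorithm (None if unsigned)."""
    msg_id, flags, zocount, prcount, upcount, adcount = struct.unpack("!6H", msg[:12])
    info = {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": None,
            "updates": [], "tsig_algorithm": None}
    off = 12
    for _ in range(zocount):                        # zone section: name, type, class
        info["zone"], off = read_name(msg, off)
        off += 4
    for section, count in (("prereq", prcount), ("update", upcount), ("additional", adcount)):
        for _ in range(count):                      # generic RR: name type class ttl rdlen rdata
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata_start = off + 10
            off = rdata_start + rdlen
            if section == "update":
                info["updates"].append((name, rtype, rclass, ttl))
            elif section == "additional" and rtype == TYPE_TSIG:
                # TSIG rdata begins with the algorithm name (e.g. gss-tsig for a DC)
                info["tsig_algorithm"], _end = read_name(msg, rdata_start)
    return info


def build_update(zone, srv_name, target, signed):
    """Construct a sample UPDATE adding one SRV record, optionally with a gss-tsig TSIG RR."""
    srv_rdata = struct.pack("!HHH", 0, 100, 389) + encode_name(target)   # prio, weight, port, target
    body = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    body += encode_name(srv_name) + struct.pack("!HHIH", TYPE_SRV, CLASS_IN, 600, len(srv_rdata)) + srv_rdata
    adcount = 0
    if signed:
        # TSIG rdata: algorithm, time signed (48 bit), fudge, MAC size (0 here, constructed),
        # original id, error, other-data length.  Key name "dc1-key" is an assumption.
        tsig = encode_name("gss-tsig") + b"\x00" * 6 + struct.pack("!HHHHH", 300, 0, 0x1234, 0, 0)
        body += encode_name("dc1-key") + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(tsig)) + tsig
        adcount = 1
    header = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, adcount)
    return header + body


DENIED_RE = re.compile(r"client (\S+): update '([^']+)' denied")


def denied_updates(log_lines):
    """Pull (client, zone) pairs out of named log lines that report a refused update."""
    return [m.groups() for m in map(DENIED_RE.search, log_lines) if m]


if __name__ == "__main__":
    for signed in (False, True):
        wire = build_update("_msdcs.example.com", "_ldap._tcp.dc._msdcs.example.com",
                            "dc1.example.com", signed)
        print(parse_update(wire))
    # Constructed log line in the shape of BIND's security-category refusal message
    print(denied_updates(["client 192.168.22.5#1025: update '_msdcs.example.com/IN' denied"]))
```

To feed real traffic into `parse_update`, capture on the BIND box with a filter that keeps only UPDATE opcodes: in tcpdump terms `udp port 53 and udp[10] & 0x78 = 0x28` (the opcode occupies bits 3 to 6 of the second flags byte, which sits at UDP payload offset 2), then pass each DNS payload to the function. A `tsig_algorithm` of `gss-tsig` on the DC's packets means it is attempting the secure-update path the earlier reply says BIND does not implement; `None` means a plain update, and any refusal should then show up as the `denied` line in named's log rather than nothing at all.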


