win 2k3 ads and bind 9.2.1 integration

[Jamie Crawford]

Hello,
I've got a domain structure of "company.com". I've seperated active =
directory by creating its own subdomain of "ads.company.com".   We are =
using bind 9.2.1 for our root domain of "company.com" and I want to use =
the Windows2k3 servers to handle all the active directory dns requests in =
"ads.company.com".  I want to do this without changing our client =
configurations through dhcp.  Through documentation I've read on the web =
and books (Oreilly Active Directory Cookbook for 2k3 and 2k pg 551-552) =
all I should have to do is enter this in my /etc/named.conf and the 2k3 dc =
should dynamically update my zone files with all relevant information.

###/etc/named.conf####

zone "ads.company.com" IN {
type master;
file "db.ads.company.com";
allow update { ip of dc's;  };
};

###db.ads.company.com###
$TTL 3600
@ IN SOA ads1.ads.company.com. hostmaster.ads.company.com. ( 1025 900 600 =
86400 3600 )

ads.company.com.   IN  NS  ads1
ads.company.com.   IN  NS  ads2
ads1  IN   A   15x.xxx.xxx.xxx
ads2  IN   A   15x.xxx.xxx.xxx


After restarting bind and restarting the domain controllers, I expected to =
have the domain controllers to dynamically update the zone file with all =
the relevant information that would be in the netlogon.dns file. To my =
surprise, no updates occured.  Instead I got the domain controllers trying =
to update my reverse zone of "xx.xxx.in-addr.;arpa/IN' denied" and =
erroring out with the usual "cant update dns message"  I then went into =
the reverse zone config in named.conf and allowed both domain controllers =
to "allow-updates". I restarted named and the dc's and=20
that made the dc's happy, but it didn't update my ads.company.com zone =
file with any information.

If anyone has any ideas or experience where to go next, it would be =
greatly appreciated.

Thanks,
jamie