Using bind 9.5.0 with Active directory

Nico De Ranter nico at sonycom.com
Fri Jan 9 16:23:12 UTC 2009


Found some time to work on it again and it seems I did something wrong
last time as ms-subdomain now works!

Thanks for your help!!

I did notice one strange thing when turning on trace mode of named:

Whenever an update request occurs I see a lot of messages like:

---------------------------------------
09-Jan-2009 17:00:56.495 tsig key
'1056-ms-7.1-16d2c.a501f663-de66-11dd-2196-000c292d3ce0' (XP5\
$\@TEST.NET): tsig expire: generated=1, refs=1, expire=-86377)
---------------------------------------

in named.run.  The number of messages seems to increase with every
request. After 2 weeks I get hundreds of these messages per update
request. Is this normal? What will happen after named has been running
for a few months? This looks like a potential DOS attack. (I'm running
9.5.0-P2)

Nico


On Tue, 2009-01-06 at 18:04 -0500, Rob Austein wrote:
> No obvious reason why it shouldn't work with ms-subdomain.
> 
> Next step is probably a protocol trace to see what's happening on the
> wire.  wireshark/tshark is pretty good for this kind of analysis.
> 
> Probably best to run named with -g while you're doing the trace and
> capture the output as well (if you're not doing that already), since
> there may be clues in the log that aren't obvious with your normal
> logging configuration.
> 
> If possible, do the trace on the same machine that's running named, so
> that timestamps in packet trace and log will match up.
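
An added example, not part of the original messages or of BIND: one way to quantify the growth described above by counting `tsig expire` trace lines in named.run. It assumes the line format quoted in the message and, as an approximation, treats lines sharing a timestamp second as one update request; the sample log, key names and host names are constructed.

```python
import re
from collections import Counter

# Format taken from the trace line quoted in the message. Mail clients and
# terminals may wrap it, so whitespace is collapsed before matching.
TSIG_EXPIRE = re.compile(
    r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ tsig key "
    r"'(?P<key>[^']+)'[^']*?tsig expire: generated=(?P<generated>\d+), "
    r"refs=(?P<refs>\d+), expire=(?P<expire>-?\d+)"
)

def summarize(raw_log):
    """Return (messages per one-second burst, messages per key name)."""
    text = " ".join(raw_log.split())
    per_burst, per_key = Counter(), Counter()
    for m in TSIG_EXPIRE.finditer(text):
        per_burst[m["ts"]] += 1   # assumption: one second ~ one update request
        per_key[m["key"]] += 1
    return per_burst, per_key

def is_growing(per_burst):
    """True if every burst logged more 'tsig expire' lines than the one before."""
    counts = list(per_burst.values())  # Counter keeps first-seen (log) order
    return len(counts) > 1 and all(a < b for a, b in zip(counts, counts[1:]))

# Constructed sample, not real log data. The first entry is wrapped the same
# way as the line quoted in the message.
SAMPLE = r"""
09-Jan-2009 17:00:56.495 tsig key
'constructed-key-a' (HOST1\
$\@EXAMPLE.TEST): tsig expire: generated=1, refs=1, expire=-86377)
09-Jan-2009 17:00:56.496 tsig key 'constructed-key-b' (HOST2\$\@EXAMPLE.TEST): tsig expire: generated=1, refs=1, expire=-120)
09-Jan-2009 17:00:56.500 (constructed unrelated line)
09-Jan-2009 17:05:10.101 tsig key 'constructed-key-a' (HOST1\$\@EXAMPLE.TEST): tsig expire: generated=1, refs=1, expire=-86631)
09-Jan-2009 17:05:10.102 tsig key 'constructed-key-b' (HOST2\$\@EXAMPLE.TEST): tsig expire: generated=1, refs=1, expire=-374)
09-Jan-2009 17:05:10.103 tsig key 'constructed-key-c' (HOST3\$\@EXAMPLE.TEST): tsig expire: generated=1, refs=1, expire=-5)
"""

if __name__ == "__main__":
    bursts, keys = summarize(SAMPLE)
    for ts, n in bursts.items():
        print(f"{ts}  {n} tsig expire line(s)")
    print(f"{len(keys)} distinct key(s); growing: {is_growing(bursts)}")
```

Run against a real named.run over several days, a per-burst count that keeps rising while the set of key names only grows is the pattern the message describes.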



