MS AD 2008R2 and bind

Will Lists listswill at gmail.com
Tue Jan 3 13:06:35 UTC 2012


On Tue, Jan 3, 2012 at 4:00 AM, Melbinger Christian <
Christian.Melbinger at wienit.at> wrote:

> Hi
>
> My company moved to a 2008R2 Domain Controller environment. Now I see the
> following message in the Windows log:
>
> *Title*: This domain controller must register its correct IP addresses
> with the DNS server
>
> *Severity*: Error
>
> *Category*: Configuration
>
> *Issue*: The Domain Name System (DNS) host resource records for this
> domain controller's fully qualified domain name currently map to the IP
> addresses that do not belong to this domain controller. The invalid IP
> addresses are 10.1.1.1; 10.2.2.2.
>
> *Impact*: Other member computers and domain controllers in the domain or
> forest might not be able to locate this domain controller. This domain
> controller will not be able to provide a full suite of services.
>
> *Resolution*: Ensure that the DNS Client service on this domain
> controller is configured and able to register valid host resource records
> with an authoritative DNS server for the domain.
>
> More information about this best practice and detailed resolution
> procedures: http://go.microsoft.com/fwlink/?LinkId=131229
>
> All Domain Controllers have zone update rights on the master DNS server,
> and according to the logfile updating zones works.
>
> My DNS servers are running BIND 9.7.3-P3.
>
> So this is presumably not a problem of the BIND servers themselves, but
> still, does anyone have an idea how to get rid of the error messages?
>
> Anyone know the checkbox to unset? I didn’t find one…
>
> With regards
>
> Christian Melbinger
>
>
> ---
>
> Ing. Christian Melbinger
>
> Network & Security
>
> WienIT EDV Dienstleistungsgesellschaft mbH & Co KG
>
> A-1030 Wien, Thomas-Klestil-Platz 6
>
> tel: +43 (1) 90405 47188
>
> fax: +43 (1) 90405 88 47188
>
> mailto:christian.melbinger at wienit.at
>
> ____________________________________________________________________________
> WienIT EDV Dienstleistungsgesellschaft mbH & Co KG, A-1030 Wien,
> Thomas-Klestil-Platz 6,
> FN 255974h, Commercial Court of Vienna, DVR: 2109667, VAT ID no. ATU61260824
> Personally liable partner:
> WienIT EDV Dienstleistungsgesellschaft mbH, A-1030 Wien,
> Thomas-Klestil-Platz 6,
> FN 255649f, Commercial Court of Vienna, VAT ID no. ATU61296118



-- 

I'm just going to throw out a few ideas, not sure any or all of them will
get you in the right direction... but I had significant issues with DCs and
dynamic updates following a migration from AD integrated DNS to BIND.


What A records map to those IP addresses listed (10.1.1.1, 10.2.2.2)?

Are there any "same as zone" records that point to your DC IPs? (this is
common if DNS is AD integrated)

Do you see in the Event Viewer on the DC that it is successfully registering
the A, PTR and SRV records? (not sure what log this is in, been a little
while since I looked last).

I know you said it was the case, but your BIND config has one of the
following options set?
 - allow-update { address_match_list }; <-- if the DC is pointing to the master BIND server
 - allow-update-forwarding { address_match_list }; <-- if the DC is pointing to the slave BIND server

What happens if you issue the ipconfig /registerdns command from the DCs?


- Will
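
The record questions in the reply above can be answered from a zone transfer. The following is an added example, not part of the original thread: it reads `dig AXFR`-style output and reports host records at the DC's name that the DC does not own, which names hold the flagged addresses, and which zone-apex ("same as zone") records point at the DC. The zone name `example.corp`, the host names and the 10.0.0.x addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample in the form `dig AXFR` prints: owner TTL class type rdata.
# example.corp and the 10.0.0.x addresses are made up; 10.1.1.1 and 10.2.2.2
# are the addresses named in the error message.
SAMPLE_ZONE = """\
; constructed transfer of example.corp
example.corp.            3600 IN SOA ns1.example.corp. hostmaster.example.corp. 2012010301 3600 600 86400 3600
example.corp.            3600 IN NS  ns1.example.corp.
example.corp.            600  IN A   10.0.0.10
example.corp.            600  IN A   10.1.1.1
dc1.example.corp.        1200 IN A   10.0.0.10
dc1.example.corp.        1200 IN A   10.2.2.2
DC2.example.corp.        1200 IN A   10.0.0.11
_ldap._tcp.example.corp. 600  IN SRV 0 100 389 dc1.example.corp.
"""

def a_records(zone_text):
    """Yield (owner, address) per IN A record; owner lower-cased, no final dot."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        owner, _ttl, rclass, rtype, rdata = fields[:5]
        if rclass.upper() == "IN" and rtype.upper() == "A":
            yield owner.rstrip(".").lower(), ipaddress.ip_address(rdata)

def audit_dc(zone_text, zone, dc_fqdn, dc_addresses, flagged):
    """Answer the three record questions for one DC from a transferred zone."""
    zone, dc_fqdn = zone.rstrip(".").lower(), dc_fqdn.rstrip(".").lower()
    owned = {ipaddress.ip_address(a) for a in dc_addresses}
    flagged = {ipaddress.ip_address(a) for a in flagged}
    report = {"stale_host": [], "flagged_owners": [], "apex_to_dc": []}
    for owner, addr in a_records(zone_text):
        if owner == dc_fqdn and addr not in owned:
            report["stale_host"].append(str(addr))  # host record the DC does not own
        if addr in flagged:
            report["flagged_owners"].append((owner, str(addr)))  # who holds a flagged IP
        if owner == zone and addr in owned:
            report["apex_to_dc"].append(str(addr))  # "same as zone" record pointing at the DC
    return report

if __name__ == "__main__":
    print(audit_dc(SAMPLE_ZONE, "example.corp", "dc1.example.corp",
                   ["10.0.0.10"], ["10.1.1.1", "10.2.2.2"]))
```

Feed it the output of a zone transfer from the master and the addresses actually configured on the DC's interfaces; owner names are compared case-insensitively, as DNS does.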