subdomain with domain

Jeff Sadowski jeff.sadowski at gmail.com
Wed Apr 1 15:25:57 UTC 2015 

The other day I found that my secondary name servers running bind
where not dishing out

_msdcs.<domain> SRV records

This was causing join issues. It turned out that the Domain controller
had 2 different scopes one for

_msdcs.<domain>
and one for
<domain>

so I shared the second _msdcs.<domain> scope with all my bind secondary servers.

All servers are running Fedora 21 with
bind.i686 32:9.9.6-8.P1.fc21

I had

zone "<domain>" {
 type slave;
# the ip address of my dc
 masters {192.168.1.2;};
 file "data/db.192.168.1.2.slave";
};

entry in all my secondary name servers. Now I have

zone "_msdcs.<domain>" {
 type slave;
# the ip address of my dc
 masters {192.168.1.2;};
 file "data/db.192.168.1.2.slave";
};
zone "<domain>" {
 type slave;
# the ip address of my dc
 masters {192.168.1.2;};
 file "data/db.192.168.1.2.slave";
};

entries on all my secondary name servers. I restarted named on all my
secondary name servers and half of my secondary servers are
working(explained below) half are not. I am certain that I allowed
zone transfers to all of my secondary name servers and that I am
pushing changes to my secondary servers.

Working being that they dish out the _msdcs entries.

examples:

nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> 192.168.1.254
Server:         192.168.1.254
Address:        192.168.1.254#53

_ldap._tcp.dc._msdcs.<domain>     service = 0 100 389 pdc.<domain>.

nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> 192.168.2.254
Server:         192.168.2.254
Address:        192.168.2.254#53

** server can't find _ldap._tcp.dc._msdcs.<domain>: SERVFAIL


nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> 192.168.3.254
Server:         192.168.3.254
Address:        192.168.3.254#53

_ldap._tcp.dc._msdcs.<domain>     service = 0 100 389 pdc.<domain>.

nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> 192.168.4.254
Server:         192.168.4.254
Address:        192.168.4.254#53

** server can't find _ldap._tcp.dc._msdcs.<domain>: SERVFAIL

All servers still dish out records in the old scope. I have more
secondaries and there doesn't seem to be rime or reason to why half
work and half do not.
I made certain that 192.168.1.254 and 192.168.2.254 both had all the
same packages and double checked all named config files where
Identical.

If anyone could give me a clue on what to check next it would be
greatly appreciated.

More information about the bind-users mailing list