BIND 9.2.1 acting as DNS for Win2k Active Directory
Donnie Cranford
mozilla at attbi.com
Mon Dec 9 01:34:17 UTC 2002
Ok, I have made the changes you said,
Here are the config files now
---------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat /etc/named.conf
// BIND configuration file
options {
forwarders { 24.31.3.8; };
directory "/var/named";
};
//#####################################################
// Information for empire.intranet
//#####################################################
zone "empire.intranet" in {
type master;
file "empire.intranet.zone";
allow-update { any; };
};
zone "_msdcs.empire.intranet" {
type master;
file "_msdcs.empire.intranet.zone";
allow-update { any; };
};
zone "_sites.empire.intranet" {
type master;
file "_sites.empire.intranet.zone";
allow-update { any; };
};
zone "_tcp.empire.intranet" {
type master;
file "_tcp.empire.intranet.zone";
allow-update { any; };
};
zone "_udp.empire.intranet" {
type master;
file "_tcp.empire.intranet.zone";
allow-update { any; };
};
// ##############################
// ### Localhost setup
// ##############################
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
allow-update { any; };
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "1.168.192.in-addr.arpa.zone";
allow-update { any; };
};
// ##############################
// ### Cache file setup
// ##############################
zone "." in {
type hint;
file "named.ca";
};
---------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat empire.intranet.zone
$ORIGIN empire.intranet.
$TTL 86400 ; 1 day
@ IN SOA Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
103 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
Alderaan.empire.intranet. IN A 192.168.1.102
empire.intranet. IN NS Alderaan.empire.intranet.
_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
_sites.empire.intranet. IN NS Alderaan.empire.intranet.
_tcp.empire.intranet. IN NS Alderaan.empire.intranet.
_udp.empire.intranet. IN NS Alderaan.empire.intranet.
----------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat _msdcs.empire.intranet.zone
$ORIGIN _msdcs.empire.intranet.
$TTL 86400 ; 1 day
@ IN SOA Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
103 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
IN NS Alderaan.empire.intranet.
---------------------------------------------------------------------------------------------------
I reran the dcpromo and I'm still getting the same problem
The SOA query for _ldap._tcp.dc._msdcs.empire.intranet to find the
primary DNS server returned:
DNS server failure.
(error code 0x0000232A "RCODE_SERVER_FAILURE")
Mark_Andrews at isc.org wrote:
>>--------------------------------------------------------------------------
>>[root@Alderaan named]# cat empire.intranet.zone
>>$ORIGIN .
>>$TTL 86400 ; 1 day
>>@ IN SOA Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>> 101 ; serial
>> 10800 ; refresh (3 hours)
>> 3600 ; retry (1 hour)
>> 604800 ; expire (1 week)
>> 86400 ; minimum (1 day)
>> )
>>Alderaan.empire.intranet. IN A 192.168.1.102
>>_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
>>_sites.empire.intranet. IN NS Alderaan.empire.intranet.
>>_tcp.empire.intranet. IN NS Alderaan.empire.intranet.
>>_udp.empire.intranet. IN NS Alderaan.empire.intranet.
>>
>>---------------------------------------------------------------------------
>>
>>
>
> Well it helps if the $ORIGIN was "empire.intranet" rather than
> ".". That way @ would expand to "empire.intranet" rather than
> ".".
>
> Also you need NS records for the zone.
>
> The nameserver would have logged messages like:
>
>empire.intranet.zone:3: ignoring out-of-zone data (.)
>zone empire.intranet/IN: could not find NS and/or SOA records
>zone empire.intranet/IN: has 0 SOA records
>zone empire.intranet/IN: has no NS records
>
>
>
>>ALL OF MY "_"subzones have this same config, I will show _msdcs for
>>debugging
>>
>>[root@Alderaan named]# cat _msdcs.empire.intranet.zone
>>$ORIGIN .
>>$TTL 86400 ; 1 day
>>@ IN SOA Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>> 100 ; serial
>> 10800 ; refresh (3 hours)
>> 3600 ; retry (1 hour)
>> 604800 ; expire (1 week)
>> 86400 ; minimum (1 day)
>> )
>>IN NS Alderaan.empire.intranet.
>>
>>
>
> Similar $ORIGIN problem here.
>
>
>
>>If we can find out what is going on here, I plan on writing up a nice
>>HOWTO and including it in the Windows .Net 2003 Beta groups I'm on.
>>
>>As well as providing it to the general public
>>
>>
>>Thanks
>>
>>Donnie Cranford
>>
>>
>--
>Mark Andrews, Internet Software Consortium
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
>
>
>
>
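Added example (not part of the original thread, and not BIND's parser): a simplified Python check of how $ORIGIN decides whether "@" lands inside the zone, run on zone text constructed from the files posted above. The function names and finding strings are illustrative, modelled on the log lines quoted in the reply.

```python
def absolute(name, origin):
    """Expand a master-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def check_zone(zone, text):
    """Return findings for one zone file (simplified sketch)."""
    zone = zone.rstrip(".").lower() + "."
    origin = owner = zone      # the origin starts out as the zone name
    apex, findings, depth = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]            # drop comments
        inside = depth > 0     # continuation of a parenthesised record
        depth += line.count("(") - line.count(")")
        tokens = line.replace("(", " ").replace(")", " ").split()
        if inside or not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):          # $TTL and other directives
            continue
        if not line[0].isspace():              # blank owner reuses the last one
            owner = absolute(tokens.pop(0), origin).lower()
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                      # skip optional TTL and class
        if owner != zone and not owner.endswith("." + zone):
            findings.append(f"line {lineno}: ignoring out-of-zone data ({owner})")
        elif owner == zone:
            apex.append(tokens[0].upper())     # record type at the zone apex
    if apex.count("SOA") != 1:
        findings.append(f"has {apex.count('SOA')} SOA records")
    if "NS" not in apex:
        findings.append("has no NS records")
    return findings

# Constructed sample, adapted from the zone files posted in this thread.
BEFORE = """\
$ORIGIN .
$TTL 86400 ; 1 day
@ IN SOA Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
        101 ; serial
        10800 3600 604800 86400 )
Alderaan.empire.intranet. IN A 192.168.1.102
_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
"""
AFTER = (BEFORE.replace("$ORIGIN .", "$ORIGIN empire.intranet.")
         + "empire.intranet. IN NS Alderaan.empire.intranet.\n")
```

check_zone("empire.intranet", BEFORE) reports the SOA on line 3 as out-of-zone and the apex as having no SOA or NS; the same call on AFTER returns an empty list.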