Active Directory and DNS
Jim Reid
jim at rfc1035.com
Thu Aug 24 10:28:30 UTC 2000
>>>>> "pat" == pat moffatt <moffatt.pat at itsligo.ie> writes:
pat> Hi, we have recently upgraded some of our servers to win2K
pat> our DNS are two linux boxes. I followed the instructions by
pat> copying the win2K file into our zone file but the following
pat> three lines are causing problems.
pat> gc._msdcs.ourzone.org. 600 IN A 190.2.3.4
pat> gc._msdcs.ourzone.org. 600 IN A 190.2.4.3
pat> gc._msdcs.ourzone.org. 600 IN A 170.2.1.1
pat> I've narrowed the problem down to the underscore character
pat> when this is left in I no longer have authority for my zone.
Correct. Underscores are illegal characters in host names. This means
that they're not supposed to be in the names of A records. BIND8 by
default does not allow illegal names. So when you load the now broken
zone file, the name server screams about the illegal names and makes
itself non-authoritative for the zone. That prevents anyone doing a
zone transfer of the zone. [The rationale there is the zone is broken,
so don't let that brokenness spread.] Use a check-names clause in the
zone{} statement to disable these checks.
It might be an idea to delegate _msdcs.ourzone.org to the W2K boxes.
This would allow all those W2K systems to do all their Dynamic DNS
stuff for Active Directory well away from your important DNS data.
Personally, I wouldn't want Bill's software (if I ever ran any of it)
scribbling all over my DNS zone with whatever they felt like.
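
The host-name rule described in the reply can be checked before a zone file is loaded, so an illegal name is caught before the server drops authority for the zone. The following is an added example, not part of the original post and not BIND's own code: it approximates the RFC 952/1123 host-name rule (letters, digits and hyphens only), and assumes one record per line, an explicit owner name on each record, and numeric TTLs. The set of record types checked and all function names are this sketch's own choices.

```python
import re

# RFC 952/1123 host name label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Record types whose owner name this sketch treats as a host name (assumption).
HOST_TYPES = {"A", "AAAA", "MX"}
CLASSES = {"IN", "CH", "HS"}


def is_hostname(name):
    """True if every label of a domain name is a legal host name label."""
    labels = name.rstrip(".").split(".")
    return all(LABEL.match(label) for label in labels)


def parse_record(line):
    """Return (owner, rtype) for a one-line record with an explicit owner, else None."""
    line = line.split(";", 1)[0]          # drop trailing comment
    if not line.strip() or line[0].isspace() or line.startswith("$"):
        return None                       # blank, continuation or $directive
    fields = line.split()
    owner, rest = fields[0], fields[1:]
    # Skip the optional TTL and class, in either order.
    while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
        rest = rest[1:]
    return (owner, rest[0].upper()) if rest else None


def illegal_host_owners(zone_text):
    """List (line_no, owner, rtype) for host-type records whose owner is not a host name."""
    bad = []
    for no, line in enumerate(zone_text.splitlines(), 1):
        rec = parse_record(line)
        if rec and rec[1] in HOST_TYPES and not is_hostname(rec[0]):
            bad.append((no, rec[0], rec[1]))
    return bad


# The three records from the post, plus two constructed lines for contrast.
SAMPLE = """\
gc._msdcs.ourzone.org. 600 IN A 190.2.3.4
gc._msdcs.ourzone.org. 600 IN A 190.2.4.3
gc._msdcs.ourzone.org. 600 IN A 170.2.1.1
www.ourzone.org. 600 IN A 190.2.3.5
_ldap._tcp.ourzone.org. 600 IN SRV 0 100 389 dc1.ourzone.org.
"""

if __name__ == "__main__":
    for no, owner, rtype in illegal_host_owners(SAMPLE):
        print(f"line {no}: {rtype} owner {owner!r} is not a legal host name")
```

The constructed SRV line is not reported because its owner name is not checked as a host name in this sketch; only the three A records from the post are flagged.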