Windows 2000 - Active Directory & underscores

Chapman, Matt chapmam2 at ocps.k12.fl.us
Tue Feb 8 12:31:22 UTC 2000


check-names ignore 

in your bind named.conf file should fix it.

-matt
PS. I am living through your hell as well with w2k.

My solution was to make the two zones, one internal and one external. Split
brain the DNS.  Any servers like mail, www, etc. are in the "real" DNS outside,
which the internet is aware of.  The w2k servers can active dir and
replicate amongst themselves and be happy without harming nor updating from
or to my linux bind box!

Let me know if I can help; we are an RDP for Microsoft and have been using
the release to market version for months now.


-----Original Message-----
From: Brian Miller [mailto:bmiller at telstra.com.au]
Sent: Tuesday, February 08, 2000 1:20 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Windows 2000 - Active Directory & underscores


Yes, it's another question about the two most common BIND problems.

We are starting to look at using BIND for our Active Directory
used by Windows 2000. (I look after BIND, others are looking at
Active Directory.)

I have set up a dynamic zone (dyn-test.in.telstra.com.au -
an internal zone, so don't even bother trying to look at it)
which I can happily update with "nsupdate".

The Win2000 boxes are configured to use this domain for their Active
Directory and stuff is added.  A few "A" types, some "CNAME" types
and a lot of "SRV" types.

The evil comes in when:

   gc._msdcs.testad-03.dyn-test.in.telstra.com.au. 600 IN A 172.57.38.136

is attempted to be added.  BIND rejects this in /var/adm/messages with a:

   named[5756]: owner name "gc._msdcs.testad-03.dyn-test.in.telstra.com.au"
      IN (primary) is invalid - rejecting

I have read RFCs 921/952/1123 and confirmed that the evil "_" is the cause
of the problem.

Has anyone else seen Microsoft dynamically create these zones with
underscores in them?  Are they configurable from Win2000? Can Win2000
be told to be RFC compliant?

The group doing the Active Directory testing have already tried
using Cisco's Network Registrar, which they say doesn't work; and
the Microsoft DNS server which worked for them.

Thanks in advance,

Brian
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Brian Miller                                 Telstra
WAN Products                                 30/242 Exhibition Street
Network & Technology Group                   Melbourne, VIC 3000
bmiller at telstra.com.au                       Australia
Tel: +61-3-9632-3883                         FAX: +61-3-9632-3884
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
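
The hostname check behind the rejection quoted in the original message, as an added example that is not part of either post and is not BIND's code: it applies the RFC 952/1123 label rule to owner names and reports which labels fail. Treating only A, AAAA and MX owner names as hostnames is an assumption that simplifies what check-names does, and every sample record except the gc._msdcs one is constructed.

```python
import re

# One RFC 952/1123 hostname label: letters, digits and hyphen only,
# 1-63 characters, no leading or trailing hyphen. Underscore is not allowed.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Assumption: only these record types have their owner name held to the
# hostname rule; SRV owner names are service labels and are skipped.
HOSTNAME_OWNER_TYPES = {"A", "AAAA", "MX"}


def bad_labels(name):
    """Return the labels of `name` that are not valid hostname labels."""
    labels = name.rstrip(".").split(".")
    return [label for label in labels if not LABEL_RE.match(label)]


def screen_updates(records):
    """Return (owner, rtype, offending_labels) for each record whose owner
    name a strict hostname check would reject."""
    rejected = []
    for owner, rtype in records:
        if rtype.upper() not in HOSTNAME_OWNER_TYPES:
            continue
        offending = bad_labels(owner)
        if offending:
            rejected.append((owner, rtype, offending))
    return rejected


# The A record is the one from the post; the other two are constructed.
SAMPLE = [
    ("gc._msdcs.testad-03.dyn-test.in.telstra.com.au.", "A"),
    ("testad-03.dyn-test.in.telstra.com.au.", "A"),
    ("_ldap._tcp.testad-03.dyn-test.in.telstra.com.au.", "SRV"),
]

if __name__ == "__main__":
    for owner, rtype, labels in screen_updates(SAMPLE):
        print(f"{rtype} {owner}: invalid hostname labels {labels}")
```

Run over a dump of the dynamic zone, this lists the names that depend on check-names being relaxed, which helps when deciding how narrowly to scope that setting.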



