Windows 2000 - Active Directory & underscores

dharris at kcp.com dharris at kcp.com
Thu Feb 10 14:08:11 UTC 2000



Sorry, Barry - I missed that one.

I have only Un*x-based DNS, with an allow-update set for a test-bed W2K DC.
Until I set the check-names warn I would regularly see a reference to an
invalid A record for the global catalog machine.  The administrators for
the test-bed complained because they could not use DNS to look up the
global catalog machine, so I assumed that the invalid A record was being
rejected but all other updates were being allowed.  Now that I only warn,
rather than ignoring, the test-bed people have quit complaining.

A long-winded way of saying my experience indicates that BIND actually is
ignoring bad dynamic update requests when told to do so.






Barry Finkel <b19141 at achilles.ctd.anl.gov> on 02/10/2000 07:54:56 AM
                                                              
                                                              
                                                              
 To:      bind-users at isc.org                                  
                                                              
 cc:                                                          
                                                              
                                                              
                                                              
 Subject: RE: Windows 2000 - Active Directory & underscores   
                                                              





Brian Miller [mailto:bmiller at telstra.com.au] wrote:
>The evil comes in when:
>
>   gc._msdcs.testad-03.dyn-test.in.telstra.com.au. 600 IN A 172.57.38.136
>
>is attempted to be added.  BIND rejects this in /var/adm/messages with a:
>
>   named[5756]: owner name
"gc._msdcs.testad-03.dyn-test.in.telstra.com.au"
>      IN (primary) is invalid - rejecting

"Chapman, Matt" <chapmam2 at ocps.k12.fl.us> replied:
>check-names ignore
>
>in your bind named.conf file should fix it.

My addendum:
I sent a posting on Jan 10 on this topic, and I did not get any
responses.  Here is part of my posting again --

>In our setup we have a MS Win2k RTM DNS with one forward zone.
>Our other zones are on Solaris BIND 8.2.2-p5 boxes.  When the MS DNS
>zone is transferred to the BIND DNS, I see this message:
>
>     owner name "gc._msdcs.w2k.anl.gov" IN (secondary) is invalid -
proceeding anyway
>
>I looked at the zone that was transferred, and that string with the
>underscore appears only twice:
>
>$ORIGIN _tcp.Default-First-Site-Name._sites.gc._msdcs.w2k.anl.gov.
>$ORIGIN _tcp.gc._msdcs.w2k.anl.gov.
>
>And in both of these the string is part of a longer string.  Is BIND
>removing the offending line from the zone being transferred?

----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994









More information about the bind-users mailing list