Windows 2000 interoperability with BIND 8.2.2.5
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Feb 23 21:16:03 UTC 2000
BIND checks the RR's being added to a zone to see if they
comform to the current policy level w.r.t. the use of
illegal hostnames in a RR for this zone. See check-names.
Now Window2000 tries to create a illegal hostname
gc._msdcs.zzz.com and BIND rejects this in its default
configuration. You should really be asking MS why the W2k
box is deliberatly ignoring RFC 952 when it chooses this name.
Mark
>
> Hi,
>
> I'm trying something interesting. Running BIND 8.2.2.5 on Solaris 2.51
> machine. Creating an Active Directory/Windows 2000 implementation. We are
> attempting to use BIND DNS as the authoritative source for DNS in the
> organization, instead of using Windows 2000 as the authoritative source.
> We're going with a single domain that matches the currently existing root
> domain inside the company (let's call it zzz.com)
>
> ".110" is a W2K host called DC1.zzz.com. The Solaris (103.14) host has been
> set to be authoritative for the zzz.com domain.
>
>
> I currently have an "allow-update {all;} ;" statement in the config files
> for BIND to make sure I'm getting Dynamic DNS entries from the W2K Servers.
> For the most part, I do indeed see all the new entries that a Windows 2000
> Domain Controller will throw into the zone file. Occasionally, I get errors:
>
> Getting the following error on the Solaris / BIND side:
>
>
> "xxx" and "yyy" were added for privacy:
>
> 22-Feb-2000 12:20:08.540 update: error processing update packet (REFUSED) id
> 5696 from [xxx.yyy.103.110].2676
> 22-Feb-2000 13:16:01.116 update: error processing update packet (REFUSED) id
> 336 from [xxx.yyy.103.111].1944
> 22-Feb-2000 13:20:10.736 update: error processing update packet (REFUSED) id
> 5756 from [xxx.yyy.103.110].2920
> 22-Feb-2000 14:16:03.844 update: error processing update packet (REFUSED) id
> 374 from [xxx.yyy.103.111].2073
> 22-Feb-2000 14:20:13.497 update: error processing update packet (REFUSED) id
> 5816 from [xxx.yyy.103.110].3157
>
>
> Looks like they are occurring each half hour.
>
>
> On the W2K side we're getting:
>
> Event Type: Error
> Event Source: NETLOGON
> Event Category: None
> Event ID: 5774
> Date: 2/22/2000
> Time: 11:11:54 AM
> User: N/A
> Computer: DC1
> Description:
> Registration of the DNS record 'gc._msdcs.zzz.com. 600 IN A xxx.yyy.103.110'
> failed with the following error:
> DNS server unable to interpret format.
>
>
> As an eventual next step we want W2K to be secondary for the domain zzz.com.
> So, we added that in, and now...
>
> Another error we're getting is:
>
> Event Type: Error
> Event Source: DNS
> Event Category: None
> Event ID: 6524
> Date: 2/20/2000
> Time: 1:23:57 AM
> User: N/A
> Computer: DC1
> Description:
> Invalid response from master DNS server at xxx.yyy.103.14 during attempted
> zone transfer of zone zzz.com. Check The DNS server at xxx.yyy.103.14 and
> insure that it is authoritative for this zone. This can be done by viewing
> or updating the list of authoritative servers for the zone. When using the
> DNS console, select zone zzz.com Properties at server xxx.yyy.103.14 and
> click the Name Servers tab. If needed, you can add or update this server in
> the list there. As an alternative solution, you could also modify settings
> in the Zone Transfer tab to allow transfer of the zone to this and other DNS
> servers
>
> Any initial help on this sort of new implementation would be appreciated. I
> know this isn't really a specific question, but I'm hoping someone can start
> to point us in a direction to start to at least understand and solve the
> errors.
>
> Thanks!
>
> ... Craig
>
> Craig Mason, MCSE, MBA
> Mason Technology, Inc.
> A Microsoft Certified Solutions Provider
> cmason at masontechnology.com
> (303) 756-3363
>
> For additional information please see us at www.masontechnology.com
>
>
>
>
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list