Windows 2000 interoperability with BIND 8.2.2.5

Wed Feb 23 21:16:03 UTC 2000

	BIND checks the RR's being added to a zone to see if they
	comform to the current policy level w.r.t. the use of
	illegal hostnames in a RR for this zone.  See check-names.

	Now Window2000 tries to create a illegal hostname
	gc._msdcs.zzz.com and BIND rejects this in its default
	configuration.  You should really be asking MS why the W2k
	box is deliberatly ignoring RFC 952 when it chooses this name.

	Mark
> 
> Hi,
> 
> I'm trying something interesting. Running BIND 8.2.2.5 on Solaris 2.51
> machine. Creating an Active Directory/Windows 2000 implementation. We are
> attempting to use BIND DNS as the authoritative source for DNS in the
> organization, instead of using Windows 2000 as the authoritative source.
> We're going with a single domain that matches the currently existing root
> domain inside the company (let's call it zzz.com)
> 
> ".110" is a W2K host called DC1.zzz.com. The Solaris (103.14) host has been
> set to be authoritative for the zzz.com domain.
> 
> 
> I currently have an "allow-update {all;} ;" statement in the config files
> for BIND to make sure I'm getting Dynamic DNS entries from the W2K Servers.
> For the most part, I do indeed see all the new entries that a Windows 2000
> Domain Controller will throw into the zone file. Occasionally, I get errors:
> 
> Getting the following error on the Solaris / BIND side:
> 
> 
> "xxx" and "yyy" were added for privacy:
> 
> 22-Feb-2000 12:20:08.540 update: error processing update packet (REFUSED) id
> 5696 from [xxx.yyy.103.110].2676
> 22-Feb-2000 13:16:01.116 update: error processing update packet (REFUSED) id
> 336 from [xxx.yyy.103.111].1944
> 22-Feb-2000 13:20:10.736 update: error processing update packet (REFUSED) id
> 5756 from [xxx.yyy.103.110].2920
> 22-Feb-2000 14:16:03.844 update: error processing update packet (REFUSED) id
> 374 from [xxx.yyy.103.111].2073
> 22-Feb-2000 14:20:13.497 update: error processing update packet (REFUSED) id
> 5816 from [xxx.yyy.103.110].3157
> 
> 
> Looks like they are occurring each half hour.
> 
> 
> On the W2K side we're getting:
> 
> Event Type:	Error
> Event Source:	NETLOGON
> Event Category:	None
> Event ID:	5774
> Date:		2/22/2000
> Time:		11:11:54 AM
> User:		N/A
> Computer:	DC1
> Description:
> Registration of the DNS record 'gc._msdcs.zzz.com. 600 IN A xxx.yyy.103.110'
> failed with the following error:
> DNS server unable to interpret format.
> 
> 
> As an eventual next step we want W2K to be secondary for the domain zzz.com.
> So, we added that in, and now...
> 
> Another error we're getting is:
> 
>  Event Type:	Error
> Event Source:	DNS
> Event Category:	None
> Event ID:	6524
> Date:		2/20/2000
> Time:		1:23:57 AM
> User:		N/A
> Computer:	DC1
> Description:
> Invalid response from master DNS server at xxx.yyy.103.14 during attempted
> zone transfer of zone zzz.com.  Check The DNS server at xxx.yyy.103.14 and
> insure that it is authoritative for this zone.  This can be done by viewing
> or updating the list of authoritative servers for the zone.  When using the
> DNS console, select zone zzz.com Properties at server xxx.yyy.103.14 and
> click the Name Servers tab.  If needed, you can add or update this server in
> the list there.  As an alternative solution, you could also modify settings
> in the Zone Transfer tab to allow transfer of the zone to this and other DNS
> servers
> 
> Any initial help on this sort of new implementation would be appreciated. I
> know this isn't really a specific question, but I'm hoping someone can start
> to point us in a direction to start to at least understand and solve the
> errors.
> 
> Thanks!
> 
> ... Craig
> 
> Craig Mason, MCSE, MBA
> Mason Technology, Inc.
> A Microsoft Certified Solutions Provider
> cmason at masontechnology.com
> (303) 756-3363
> 
> For additional information please see us at www.masontechnology.com
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com