Reject of W2K gc._msdcs...

Craig Mason cmason at masontechnology.com
Mon Mar 6 04:40:56 UTC 2000


As promised, here is what I tried to resolve the problems of child domains
not loading any data into their respective zone file. Sample source files
from the master BIND server for "zzz.com" are below.


For those of you just tuning in: I am trying to make BIND 8.2.2.p5 on Solaris 2.6
be the source of DNS in an organization, preparing for a W2K / Active
Directory strategy where Unix is the master of all DNS knowledge, accepting
all dynamic updates for Windows 2000 domains and child domains.


(Note: when reading this below, realize that it hasn't worked. All dynamic
information is being populated into zzz.com's zone file. The "check-names
ignore" allows the host entry gc._msdcs.zzz.com to make it into the main
zone file; it will not go down into _msdcs.zzz.com's zone.)


W2K Active Directory will begin at the "root" (zzz.com) and child domains
will be subdomain.zzz.com. In this example, I'm using eb.zzz.com. They will
be "domains" in a single tree/multiple domain configuration of Active
Directory. For testing, all hosts are on a "103" subnet. .110
is the first Domain Controller in the A.D. tree for zzz.com. .130 is the
first domain controller for a child domain eb.zzz.com.


The "symptom" is that all information simply goes into zzz.com's zone file.
The child zones (eb.zzz.com, or _msdcs.zzz.com) are ignored. I'm thinking
this might be the problems mentioned by Mark in earlier posts ???



Anyway, on to the show.




My named.conf

---------------


options {
        directory "/var/named";
	allow-query { any; };
};

logging {
	channel querylog {
		file "/var/adm/dnsquery.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel packetlog {
		file "/var/adm/dnspacket.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel securitylog {
		file "/var/adm/dnssecurity.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel dblog {
		file "/var/adm/dnsdb.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel eventlog {
		file "/var/adm/dnsevent.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel xferinlog {
		file "/var/adm/dnsxferin.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel xferoutlog {
		file "/var/adm/dnsxferout.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel updatelog {
		file "/var/adm/dnsupdate.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
	channel otherlog {
		file "/var/adm/dnsother.log" versions 1 size 10m;
		print-time yes;
		print-category yes;
	} ;
        category queries { querylog; };
        category packet { packetlog; };
        category security { securitylog; };
        category db { dblog; };
        category eventlib { eventlog; };
	category config { otherlog; };
	category insist { otherlog; };
	category maintenance { otherlog; };
	category notify { otherlog; };
	category load { otherlog; };
	category parser { otherlog; };
	category update { updatelog; };
};

zone "zzz.com" in {
        type master;
        file "master/zzz.com";
	allow-update { any; };
	allow-transfer { xxx.yyy.103.110; xxx.yyy.103.130; };
	check-names ignore;
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "master/127.0.0";
	check-names ignore;
};

zone "103.yyy.xxx.in-addr.arpa" in {
        type master;
        file "master/xxx.yyy.103";
	allow-update { any; };
	check-names ignore;
};
// commenting because it's not working...

// zone "eb.zzz.com" in {
// 	type master;
// 	file "master/eb.zzz.com";
// 	allow-update { any; };
// 	check-names ignore;
// };
//
// zone "_msdcs.zzz.com" in {
// 	type master;
// 	file "master/_msdcs.zzz.com";
// 	allow-update { any; };
// 	check-names ignore;
// };
//
// zone "_msdcs.eb.zzz.com" in {
// 	type master;
// 	file "master/_msdcs.eb.zzz.com";
// 	allow-update { any; };
// 	check-names warn;
// };
//

---------------
(*** Note, dynamic data has been removed by me before attaching these files.
When BIND is running, DDNS updates are showing up in file zzz.com)



zone file zzz.com

;BIND DUMP V8
$ORIGIN com.
zzz	86400	IN	SOA	unixbindserver.zzz.com. postmaster.zzz.com. (
		37 3600 900 3600000 86400 )	;Cl=2
	86400	IN	NS	unixbindserver.zzz.com.	;Cl=2
	86400	IN	NS	dc1.zzz.com.	;Cl=2
$ORIGIN eb.zzz.com.
	86400	IN	NS	dceb.eb.zzz.com.	;Cl=2

<... lots of interesting Microsoft DDNS  A records deleted here ...>



---------------

zone file eb.zzz.com


;BIND DUMP V8
$ORIGIN com.
zzz	86400	IN	SOA	unixbindserver.zzz.com. postmaster.zzz.com. (
		37 3600 900 3600000 86400 )	;Cl=2
	86400	IN	NS	unixbindserver.zzz.com.	;Cl=2
	86400	IN	NS	dc1.zzz.com.	;Cl=2
$ORIGIN eb.zzz.com.
	86400	IN	NS	dceb.eb.zzz.com.	;Cl=2

---------------

zone file _msdcs.zzz.com


;BIND DUMP V8
$ORIGIN com.
zzz	86400	IN	SOA	unixbindserver.zzz.com. postmaster.zzz.com. (
		37 3600 900 3600000 86400 )	;Cl=2
	86400	IN	NS	unixbindserver.zzz.com.	;Cl=2
	86400	IN	NS	dc1.zzz.com.	;Cl=2
$ORIGIN eb.zzz.com.
	86400	IN	NS	dceb.eb.zzz.com.	;Cl=2

---------------

zone file _msdcs.eb.zzz.com

;BIND DUMP V8
$ORIGIN com.
zzz	86400	IN	SOA	unixbindserver.zzz.com. postmaster.zzz.com. (
		37 3600 900 3600000 86400 )	;Cl=2
	86400	IN	NS	unixbindserver.zzz.com.	;Cl=2
	86400	IN	NS	dc1.zzz.com.	;Cl=2
$ORIGIN eb.zzz.com.
	86400	IN	NS	dceb.eb.zzz.com.	;Cl=2


---------------

reverse lookup file xxx.yyy.103


;BIND DUMP V8
$ORIGIN yyy.xxx.in-addr.arpa.
103	86400	IN	SOA	unixbindserver.zzz.com. postmaster.zzz.com. (
		730 3600 900 3600000 86400 )	;Cl=5
	86400	IN	NS	unixbindserver.zzz.com.	;Cl=5
$ORIGIN 103.yyy.xxx.in-addr.arpa.
100	86400	IN	PTR	mailman.zzz.com.	;Cl=5
130	1200	IN	PTR	dceb.eb.zzz.com.	;Cl=5
14	86400	IN	PTR	unixbindserver.zzz.com.	;Cl=5
110	1200	IN	PTR	dc1.zzz.com.	;Cl=5

---------------


... Craig

Craig Mason
Mason Technology, Inc.
cmason at masontechnology.com
(303) 756-3363
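
Added example, not part of the original post: in the zone files as posted, the files for eb.zzz.com, _msdcs.zzz.com and _msdcs.eb.zzz.com carry the same SOA as zzz.com, so their SOA owner is zzz.com rather than the zone named in named.conf, while a master zone needs its SOA at the zone apex. The sketch below checks that before a reload; the function names, the simplified parser (no quoted-string handling) and the FIXED_EB contrast file are assumptions made for illustration.

```python
def absolute(name, origin):
    """Expand a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin.lstrip(".")).lower()

def soa_owner(zone_text, zone_name):
    """Return the fully qualified owner of the first SOA record, or None."""
    origin = owner = zone_name.lower().rstrip(".") + "."
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments such as ";Cl=2"
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # directive line
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        if not line[0].isspace():                 # explicit owner in column one
            owner = absolute(fields[0], origin)
            fields = fields[1:]
        if "SOA" in [f.upper() for f in fields[:3]]:   # after optional TTL/class
            return owner
    return None

def misplaced_soa(zones):
    """Map zone name -> SOA owner for every zone whose SOA is not at its apex."""
    bad = {}
    for name, text in zones.items():
        found = soa_owner(text, name)
        if found != name.lower().rstrip(".") + ".":
            bad[name] = found
    return bad

# Sample input constructed from the zone-file body shown in the post,
# which is the same for all four forward zones.
POSTED = (
    "$ORIGIN com.\n"
    "zzz\t86400\tIN\tSOA\tunixbindserver.zzz.com. postmaster.zzz.com. (\n"
    "\t\t37 3600 900 3600000 86400 )\t;Cl=2\n"
    "\t86400\tIN\tNS\tunixbindserver.zzz.com.\t;Cl=2\n"
)
ZONES = {z: POSTED for z in
         ("zzz.com", "eb.zzz.com", "_msdcs.zzz.com", "_msdcs.eb.zzz.com")}
# Constructed contrast (assumption): the same records with the SOA at eb.zzz.com.
FIXED_EB = POSTED.replace("$ORIGIN com.\nzzz", "$ORIGIN zzz.com.\neb")

if __name__ == "__main__":
    for zone, owner in misplaced_soa(ZONES).items():
        print(f"{zone}: SOA is owned by {owner}")
```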





More information about the bind-users mailing list