Win2k & UNIX bind 8x

[Kevin Darcy]

The _msdcs subdomain is not the only one used by Active Directory. Looking at
one of our test AD domains, it's also writing SRV records to a _udp, a _tcp
and a _sites subdomain (e.g. _ldap._tcp.{domain name}). Additionally, I think
it's also writing A records for the names of the Domain Controllers
themselves directly into the domain. I don't know whether it can be
configured on the Win2K side to use a subdomain for those Domain Controller
names, or whether you could just get away with putting those A records in
statically...


- Kevin

Jeff Bowers wrote:

> We have implemented a win2k Active Dir.
> I have used the proper (i believe) named.conf entry for a master of the
> subdomain...
>
> zone "_msdcs.company.com" {
>     type master;
>     file "db.msdcs";
>     check-names ignore;
>     allow-update {any}; };
> };
>
> I wanted to use "localnets" for allow-update, but unsure of where they get
> "predefined" at.
>
> I did get updates from the new gc sometime during the night, but I mostly
> get the following error...
>
> Sep 8 11:27:25 pebble named[2737]: unapproved update from
> [90.132.162.221].1981 for 162.132.90.in-addr.arpa (or for company.com).
>
> anyone get this to work yet?  DNS is Solaris7 with BIND 8.1