One last W2K / Active Directory / BIND question

Josh Littlefield joshl at cisco.com
Fri Aug 3 15:02:26 UTC 2001 

This registry entry will also disable registration of A records for the Global
Catalog, which may be an issue if you have a multi-domain W2K setup.  Of
course, you could always add the missing GC A records by hand.  I think the Q
article explains all this.  If not, there is information in the MS W2K Resource
Kit / Platform SDK about *all* the records registered, including these GC A
records.

If you don't use the registry setting, then the domain controllers (at least as
of W2K SP1) will get all bothered and consider themselves to have failed at the
entire registration process.  They'll keep trying at regular intervals, and
will continue to log problems, which bothers some Windows admins.  Domain
controllers for related domains (sub-domains) will also get upset.  Both sets
of controllers will take much longer to boot in the face of these failures.

The A records at "example.com" that are causing the problem are NOT needed
unless you have non-MS (or older MS) LDAP clients querying servers and being
given referrals.  The LDAP referral will direct the client to another name.
Newer MS LDAP clients will assume this is a Windows Domain name, and will
perform various SRV record lookups to locate the actual servers.  Other LDAP
clients will assume the name in the referral is the name of the server itself,
and do A record lookups on the name.  That's why the A records get added on the
domain name itself.

Cricket Liu wrote:

> Hey, John!
>
> > The problem appears to be that the W2K server wants to add an A
> > record assigning its IP address to  the name "example.com." -- at least
> > that's the only new record.  The existing record for sp01.example.com was
> > not changed.  The new A record an annoying side effect in the lab, but in
> > our production environment it would be an error.
>
> I agree with Tim.  Try using the registry entry that disables the addition
> of
> the A record for the Windows 2000 domain name.  (See Microsoft
> Knowledge Base article Q246804 under "Netlogon A Registrations.")
>
> Would you please let us know if that solves it?  I hadn't heard of any
> problems with the setup I described, but I'm happy to fix the book if I
> need to.
>
> cricket

--
=====================================================================
Josh Littlefield                                  Cisco Systems, Inc.
joshl at cisco.com                                      250 Apollo Drive
tel: 978-244-8378  fax: same               Chelmsford, MA  01824-3627

More information about the bind-users mailing list