BIND 9.2.1 acting as DNS for Win2k Active Directory

Donnie Cranford mozilla at attbi.com
Mon Dec 9 01:34:17 UTC 2002


Ok, I have made the changes you said,

Here are the config files now

---------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat /etc/named.conf
// BIND configuration file


options {
   forwarders { 24.31.3.8; };
   directory "/var/named";
};


//#####################################################
//           Information for empire.intranet
//#####################################################
zone "empire.intranet" in {
   type master;
   file "empire.intranet.zone";
   allow-update { any; };
};

zone "_msdcs.empire.intranet" {
   type master;
   file "_msdcs.empire.intranet.zone";
   allow-update { any; };
};

zone "_sites.empire.intranet" {
   type master;
   file "_sites.empire.intranet.zone";
   allow-update { any; };
};

zone "_tcp.empire.intranet" {
   type master;
   file "_tcp.empire.intranet.zone";
   allow-update { any; };
};

zone "_udp.empire.intranet" {
   type master;
   file "_tcp.empire.intranet.zone";
   allow-update { any; };
};


// ##############################
// ### Localhost setup
// ##############################

zone "0.0.127.in-addr.arpa"   in {
   type master;
   file "db.127.0.0";
   allow-update { any; };
};

zone "1.168.192.in-addr.arpa"  in {
   type master;
   file "1.168.192.in-addr.arpa.zone";
   allow-update { any; };
};

// ##############################
// ### Cache file setup
// ##############################

zone "."   in {
   type hint;
   file "named.ca";
};
---------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat empire.intranet.zone
$ORIGIN empire.intranet.
$TTL 86400      ; 1 day
@       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
                                103         ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
Alderaan.empire.intranet. IN A 192.168.1.102
empire.intranet.        IN NS Alderaan.empire.intranet.
_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
_sites.empire.intranet. IN NS Alderaan.empire.intranet.
_tcp.empire.intranet.   IN NS Alderaan.empire.intranet.
_udp.empire.intranet.   IN NS Alderaan.empire.intranet.
----------------------------------------------------------------------------------------------------
[root@Alderaan named]# cat _msdcs.empire.intranet.zone
$ORIGIN _msdcs.empire.intranet.
$TTL 86400      ; 1 day
@               IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
                                103         ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
IN NS   Alderaan.empire.intranet.
---------------------------------------------------------------------------------------------------


I reran dcpromo and I'm still getting the same problem:

The SOA query for _ldap._tcp.dc._msdcs.empire.intranet to find the 
primary DNS server returned:
 DNS server failure.
(error code 0x0000232A "RCODE_SERVER_FAILURE")


Mark_Andrews at isc.org wrote:

>>--------------------------------------------------------------------------
>>[root@Alderaan named]# cat empire.intranet.zone
>>$ORIGIN .
>>$TTL 86400      ; 1 day
>>@       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>>                                 101         ; serial
>>                                 10800      ; refresh (3 hours)
>>                                 3600       ; retry (1 hour)
>>                                 604800     ; expire (1 week)
>>                                 86400      ; minimum (1 day)
>>                                 )
>>Alderaan.empire.intranet. IN A 192.168.1.102
>>_msdcs.empire.intranet. IN NS Alderaan.empire.intranet.
>>_sites.empire.intranet. IN NS Alderaan.empire.intranet.
>>_tcp.empire.intranet.   IN NS Alderaan.empire.intranet.
>>_udp.empire.intranet.   IN NS Alderaan.empire.intranet.
>>
>>---------------------------------------------------------------------------
>>    
>>
>
>	Well it helps if the $ORIGIN was "empire.intranet" rather than
>	".".  That way @ would expand to "empire.intranet" rather than
>	".".
>
>	Also you need NS records for the zone.
>	
>	The nameserver would have logged messages like:
>
>empire.intranet.zone:3: ignoring out-of-zone data (.)
>zone empire.intranet/IN: could not find NS and/or SOA records
>zone empire.intranet/IN: has 0 SOA records
>zone empire.intranet/IN: has no NS records
>
>  
>
>>ALL OF MY "_"subzones have this same config, I will show _msdcs for 
>>debugging
>>
>>[root@Alderaan named]# cat _msdcs.empire.intranet.zone
>>$ORIGIN .
>>$TTL 86400      ; 1 day
>>@               IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet.empire.intranet. (
>>                                 100         ; serial
>>                                 10800      ; refresh (3 hours)
>>                                 3600       ; retry (1 hour)
>>                                 604800     ; expire (1 week)
>>                                 86400      ; minimum (1 day)
>>                                 )
>>IN NS   Alderaan.empire.intranet.
>>    
>>
>
>	Similar $ORIGIN problem here.
>
>  
>
>>If we can find out what is going on here, I plan on writing up a nice 
>>HOWTO and including it in the Windows .Net 2003 Beta groups I'm on.
>>
>>As well as providing it to the general public
>>
>>
>>Thanks
>>
>>Donnie Cranford
>>    
>>
>--
>Mark Andrews, Internet Software Consortium
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
>
>  
>
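
The load-time checks behind the log lines quoted in the reply above, as an added example that is not part of the original thread and is not BIND's own code: a small Python approximation of how `@` and owner names expand against `$ORIGIN`, how out-of-zone owners are dropped, and how SOA and NS records at the zone apex are counted. The function name `check_zone` and the message format are assumptions modeled on the quoted messages, and the zone text is constructed, reduced from the files shown in the thread.

```python
def check_zone(zone, text):
    """Report what a BIND-style loader would complain about in one master file."""
    zone = zone.lower().rstrip(".") + "."
    origin, depth = zone, 0      # $ORIGIN defaults to the zone name
    owner = zone                 # simplification: named rejects a first record with no owner
    apex = {"SOA": 0, "NS": 0}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        continuation = depth > 0             # still inside a "( ... )" record body
        depth += line.count("(") - line.count(")")
        if continuation or not line:
            continue
        fields = line.split()
        if fields[0].startswith("$"):        # directives: only $ORIGIN changes expansion
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower().rstrip(".") + "."
            continue
        if not line[0].isspace():            # owner given; indented lines inherit it
            name = fields.pop(0).lower()
            if name == "@":                  # "@" expands to the current $ORIGIN
                owner = origin
            else:                            # relative names get $ORIGIN appended
                owner = name if name.endswith(".") else name + "." + origin.lstrip(".")
        if owner != zone and not owner.endswith("." + zone):
            problems.append(f"line {lineno}: ignoring out-of-zone data ({owner})")
            continue
        rtype = next((f.upper() for f in fields
                      if not f.isdigit() and f.upper() != "IN"), "")
        if owner == zone and rtype in apex:  # NS at a child name is only a delegation
            apex[rtype] += 1
    if apex["SOA"] != 1:
        problems.append(f"zone {zone[:-1]}/IN: has {apex['SOA']} SOA records")
    if apex["NS"] == 0:
        problems.append(f"zone {zone[:-1]}/IN: has no NS records")
    return problems

# Constructed samples, reduced from the versions of empire.intranet.zone in the thread.
BEFORE = """$ORIGIN .
$TTL 86400      ; 1 day
@       IN SOA  Alderaan.empire.intranet. postmaster.empire.intranet. (
                103 10800 3600 604800 86400 )
Alderaan.empire.intranet. IN A  192.168.1.102
_msdcs.empire.intranet.   IN NS Alderaan.empire.intranet.
"""
ORIGIN_FIXED = BEFORE.replace("$ORIGIN .", "$ORIGIN empire.intranet.")
AFTER = ORIGIN_FIXED + "empire.intranet.          IN NS Alderaan.empire.intranet.\n"
print(check_zone("empire.intranet", BEFORE))
```

`ORIGIN_FIXED` still reports the missing NS record, because the delegation NS records for the `_` subzones do not count as NS records for `empire.intranet` itself.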



