BIND/NT4 DDNS Problems.

Matt Larson mlarson at
Wed Feb 27 18:33:44 UTC 2002

Hi, David.

> One of the major problems is that they are unable to create a sub domain
> us on their DNS server.

Do you mean they are unable to create a subdomain of their domain for your
organization (e.g., on their name servers,
or they are unable to make their name servers a slave for your zone
(presumably, based on your email address)?  Both are
straightforward operations in DNS Manager, the GUI DNS admin tool in NT
Server 4.0.  Can you be more specific?

> Another problem is that is seems (unless I am
> mistaken) their DNS server is allowing Dynamic DNS updates, because all
> machines have an entry with their domain suffix even though it is not in
> their db files.

The NT 4.0 DNS server does not support RFC 2136 Dynamic Update.  I believe
you're confusing name server configuration with stub resolver configuration:
I bet you're getting leases from one of their DHCP servers, which is adding
their domain to your clients' search list ("domain suffix search list" in
Microsoft parlance).

> In bind there is an allow transfer field in the named.conf,
> but I cannot find anything similar in NT4 DNS.

In DNS Manager, select a server in the left pane and choose DNS->Properties.
Select the Notify tab.  Enter a list of addresses and then check the box
labeled "Only allow access...".  Now only clients at those addresses are
allowed to perform a zone transfer for that zone.

Matt Larson <mlarson at>
VeriSign Global Registry Services

More information about the bind-users mailing list