Delegating AD specific zones and dynamic update

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Jul 8 15:33:28 UTC 2002 

chris.mielke at drake.edu (Milkweed) wrote:

>I am running BIND 8.3.1 for adtest.edu (obviously a test environment)
>and have delegated the AD specific zones (_msdcs, _sites, _tcp, _udp)
>to Microsoft DNS servers. In production it will be a requirement to
>use our existing domain name space for the AD domain while keeping our
>BIND DNS server static. Delegating an entire zone such as
>ad.adtest.edu to Microsoft DNS servers or configuring DDNS on the BIND
>server will not be an option.
>
>Using nslookup and dig I have confirmed the delegation is working
>properly; however, when I promote a W2K server to be a domain
>controller none of the SRV records are being updated on the Microsoft
>DNS servers. The servers I am promoting point to the BIND server for
>DNS, but the delegation should be forwarding the SRV record updates to
>the Microsoft DNS servers. The MS DNS servers have been configured as
>Active Directory integrated and are set to receive "only secure
>updates". They are also pointing to themselves as the SOA for the
>delegated AD specific forward lookup zones.
>
>Does anyone know why these updates are failing? I know this
>configuration has worked at several universities and the procedures
>for implementing it are outlined in MS article Q255913. Any help would
>be appreciated! Below are my configuration files for BIND.

I did not copy the config files in my reply.
Are there any event log entries produced by Netlogon on the DCs you
are trying to promote?

What I do is delegate the four "_" zones to the MS W2k DNS Server, but
I have those zones slaved on my BIND DNS servers, so no user has to 
know about the existence of the MS W2k box.  In your named.host file
you have

     _TCP            IN      NS      root-01.adtest.edu.
                     IN      NS      dial-center.adtest.edu.
     _UDP            IN      NS      root-01.adtest.edu.
                     IN      NS      dial-center.adtest.edu.
     _MSDCS          IN      NS      root-01.adtest.edu.
                     IN      NS      dial-center.adtest.edu.
     _SITES          IN      NS      root-01.adtest.edu.
                     IN      NS      dial-center.adtest.edu.

Are both of these name servers W2k DNS boxes?
Note that there have been many W2k-related postings to bind-users in
the past few years.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list