AD DDNS Updates ignored with Bind 9?

Kai Berssin webmaster at kberssin.de
Tue Apr 13 14:40:19 UTC 2004


I'm about to implement an Active Directory environment with Windows
Server 2003 Active Directory Domain Controllers and Bind 9.2.1 DNS
servers. For that, I've created 4 new zones "_mcds.DOMAINNAME",
"_sites.DOMAINNAME", "_tcp.DOMAINNAME", and "_udp.DOMAINNAME" on the
Bind server, each zone containing an "allow-update { IP_OF_AD_DCs; };"
statement (yes, I know about the security issues). Adding or updating
a record with "nsupdate" works fine, i.e. in general the dynamic
update feature works. Adding a new AD DC with DCPROMO also works (in
the sense that there is no error message), i.e. basically the
communication between AD and DNS functions, and AD recognizes the DNS
server as being configured for dynamic updates (otherwise DCPROMO
would complain). However, none of the records generated by DCPROMO
(the stuff you can find in netlogon.dns) is written to the Bind zone
files or the corresponding JNL files. Has anybody experienced the
same problems and can offer me a tip as to what the problem might be?
If I trace the communication between the AD DC and the DNS server
during DCPROMO with Netmon, I cannot find any errors or warnings; the
only curious thing is a line "Dyn Upd PRE records to DOMAINNAME" ->
"Prerequisite: DOMAINNAME of type Req for all on class Unknown class".
Apparently, the DNS record class in the prerequisite record is
unknown to Netmon; is it also unknown to Bind?

Kind regards,

Kai
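The "Unknown class" that Netmon prints for the prerequisite section is a property of how DNS UPDATE encodes prerequisites: RFC 2136 section 2.4 uses the pseudo-classes ANY (255) and NONE (254), not the zone's class, to say "RRset exists", "RRset does not exist", "name is in use" and "name is not in use", and only the value-dependent form carries the zone class plus RDATA. A type shown as "Req for all" with an unlabelled class is therefore most likely type ANY with class ANY or NONE, which BIND 9 implements. The following decoder is an added example and is not from the original post or from BIND; it builds a constructed UPDATE message for the made-up zone example.test, then walks the Zone and Prerequisite sections and labels each prerequisite with its RFC 2136 meaning. Only the class/type/RDLENGTH table from the RFC is encoded; TSIG and the Update section itself are out of scope.

```python
"""Decode the Zone and Prerequisite sections of a DNS UPDATE (RFC 2136) message."""
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_SRV, TYPE_ANY = 1, 6, 33, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255


def encode_name(name):
    """Uncompressed wire-format owner name (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_update(zone, zone_class, prereqs, msg_id=0x1234):
    """Constructed UPDATE with a Zone section and Prerequisite RRs only (no Update section)."""
    flags = OPCODE_UPDATE << 11
    header = struct.pack("!6H", msg_id, flags, 1, len(prereqs), 0, 0)
    body = encode_name(zone) + struct.pack("!HH", TYPE_SOA, zone_class)
    for name, rtype, rclass, ttl, rdata in prereqs:
        body += encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
    return header + body


def read_name(msg, off):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def describe_prereq(rtype, rclass, rdlen, zone_class):
    """RFC 2136 section 2.4 prerequisite forms, in the order the RFC lists them."""
    if rclass == CLASS_ANY and rdlen == 0:
        return "name is in use" if rtype == TYPE_ANY else "RRset exists (value independent)"
    if rclass == CLASS_NONE and rdlen == 0:
        return "name is not in use" if rtype == TYPE_ANY else "RRset does not exist"
    if rclass == zone_class and rdlen > 0:
        return "RRset exists (value dependent)"
    return "malformed prerequisite (server answers FORMERR)"


def parse_update(msg):
    """Return the zone and the decoded prerequisites of an UPDATE message."""
    _, flags, zocount, prcount, _, _ = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not a well-formed UPDATE request")
    off = 12
    zone, off = read_name(msg, off)
    ztype, zclass = struct.unpack_from("!HH", msg, off)
    off += 4
    if ztype != TYPE_SOA:
        raise ValueError("Zone section must be type SOA")
    prereqs = []
    for _ in range(prcount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        prereqs.append({"name": name, "type": rtype, "class": rclass,
                        "meaning": describe_prereq(rtype, rclass, rdlen, zclass)})
    return {"zone": zone, "zone_class": zclass, "prerequisites": prereqs}


# Constructed sample: the shapes a DC-style registration might send, plus one bad RR.
SAMPLE = build_update("example.test.", CLASS_IN, [
    ("example.test.", TYPE_ANY, CLASS_ANY, 0, b""),                 # name is in use
    ("_ldap._tcp.example.test.", TYPE_SRV, CLASS_NONE, 0, b""),     # RRset does not exist
    ("dc1.example.test.", TYPE_A, CLASS_IN, 0, bytes([192, 0, 2, 1])),  # value dependent
    ("dc1.example.test.", TYPE_A, CLASS_IN, 0, b""),                # FORMERR
])

if __name__ == "__main__":
    for p in parse_update(SAMPLE)["prerequisites"]:
        print(f"{p['name']:28} type={p['type']:3} class={p['class']:3}  {p['meaning']}")
```

The point to take from the output is that class 254/255 in a prerequisite is normal protocol, so a capture tool labelling it "Unknown class" says nothing about whether the server accepted the update; the authoritative answer is the RCODE in the server's reply, and for BIND the `update` logging category.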


More information about the bind-users mailing list