bind-users Digest V6 #299
b19141 at achilles.ctd.anl.gov
Fri Nov 12 15:14:20 UTC 2004
>> My replies to Norman Zhang
> Norman Zhang <norman.zhang at rd.arkonnetworks.com> replies to mine
>Thanks for your reply. The rndc key works fine. I think it has been
>discussed here before, but I can't recall why. I've just added _msdcs,
>_sites, _tcp, _udp zones to the already running named.conf. I tried
>converting them to 192.168.22.0/24, but still couldn't update.
>> What are you trying to get AD to register? The SRV and CNAME records
>> in the four/six "_" zones? How have you set up these MS zones? If
>> you have used AD-integrated with secure updates, then the MS security
>> model is not implemented in BIND, so the DDNS updates will fail.
>> If you are using non-secure updates, then this should work.
>The zone files are created and placed under /var/named/ with
>uid.gid=named.named. This is W2K3 box just got upgraded from NT is
>trying to become a DC by registering AD entries in BIND. I don't think
>it uses any secure updates. How do I check? I grep the log under
>/var/log/, but couldn't find the denied activity. Is there a specific
>entry that I should grep for?
>> If you are trying to get individual W2k/W2k+3 machines to register
>> themselves via DHCP, then I am not sure what the problem might be.
>> Are you having the DHCP server register both forwards and reverses?
>> If so, are both registrations failing? I am not a DHCP expert, and I
>> suggest finding a newsgroup for your DHCP software.
>My W2K3 has a static IP and it has already been entered in zone files. I
>would like to enable it to update the SRV and CNAME entries in the "_"
>zone files. DHCP so far has no problem registering PTR and A records for
>IPs that it gives out. Do you see any conflicts with my config above?
A few things I can suggest.
1) Run a packet sniffer on the BIND box to see what packets are
arriving. Stop/start the Netlogon Service on the DC to force the
DC to re-register its CNAME and SRV records.
2) Look for Event Log entries on the DC. The Netlogon Service should
produce events if something fails.
3) Ensure that self-registration is ENABLED for the DC. If
self-registration is disabled on a DC, the Netlogon process will
not attempt to register its CNAME and SRV records. I have no idea
why the MS code is written this way, as self-registration and
CNAME/SRV record registrations are two different and unrelated DDNS
activities. I am not sure if this case will produce Event Log
entries, as you have told the operating system not to do DDNS.
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
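
Added example (not part of the original message or of BIND): when following the packet-sniffer suggestion above, this Python sketch decodes a captured DNS payload per RFC 2136 and reports whether it is an UPDATE, which zone it targets, which records it carries, and whether a TSIG signature record is attached. The sample packet, the example.com names and the key name are constructed for illustration.

```python
import struct

TYPES = {5: "CNAME", 6: "SOA", 33: "SRV", 250: "TSIG"}

def read_name(msg, off):  # returns (dotted name, offset just past the name)
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def summarize_update(msg):  # msg is one DNS message payload (no UDP/IP headers)
    _id, flags, zo, pr, up, ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != 5 or zo != 1:  # opcode 5 = UPDATE, one zone entry
        return {"is_update": False}
    zone, off = read_name(msg, 12)
    off += 4                                 # skip ZTYPE and ZCLASS
    found = {"prereq": [], "update": [], "additional": []}
    for section, count in zip(found, (pr, up, ad)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            found[section].append((name, TYPES.get(rtype, str(rtype))))
    signed = any(t == "TSIG" for _, t in found["additional"])
    return {"is_update": True, "zone": zone, "updates": found["update"], "signed": signed}

def enc(name):  # encode a dotted name as DNS labels
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"

def build_sample(signed):  # constructed UPDATE adding one SRV record; names are made up
    hdr = struct.pack("!6H", 0x1234, 5 << 11, 1, 0, 1, int(signed))
    zone = enc("_msdcs.example.com") + struct.pack("!HH", 6, 1)   # SOA, IN
    rdata = struct.pack("!HHH", 0, 100, 389) + enc("dc1.example.com")
    srv = enc("_ldap._tcp.dc._msdcs.example.com") + struct.pack("!HHIH", 33, 1, 600, len(rdata)) + rdata
    tsig = enc("constructed-key") + struct.pack("!HHIH", 250, 255, 0, 0)  # empty stub RDATA
    return hdr + zone + srv + (tsig if signed else b"")

if __name__ == "__main__":
    print([summarize_update(build_sample(s)) for s in (False, True)])
```

To use it on real traffic, pass the UDP payload of each packet captured on port 53 to `summarize_update`.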