DDNS Failed
Norman Zhang
norman.zhang at rd.arkonnetworks.com
Fri Nov 12 23:08:33 UTC 2004
>>Thanks for your reply. The rndc key works fine. I think it has been
>>discussed here before, but I can't recall why. I've just added _msdcs,
>>_sites, _tcp, _udp zones to the already running named.conf. I tried
>>converting them to 192.168.22.0/24, but still couldn't update.
>
>>> What are you trying to get AD to register? The SRV and CNAME records
>>> in the four/six "_" zones? How have you set up these MS zones? If
>>> you have used AD-integrated with secure updates, then the MS security
>>> model is not implemented in BIND, so the DDNS updates will fail.
>>> If you are using non-secure updates, then this should work.
>
>>The zone files are created and placed under /var/named/ with
>>uid.gid=named.named. This is a W2K3 box that just got upgraded from NT
>>and is trying to become a DC by registering AD entries in BIND. I don't
>>think it uses any secure updates. How do I check? I grep the log under
>>/var/log/, but couldn't find the denied activity. Is there a specific
>>entry that I should grep for?
>
>>> If you are trying to get individual W2k/W2k+3 machines to register
>>> themselves via DHCP, then I am not sure what the problem might be.
>>> Are you having the DHCP server register both forwards and reverses?
>>> If so, are both registrations failing? I am not a DHCP expert, and I
>>> suggest finding a newsgroup for your DHCP software.
>
>>My W2K3 has a static IP and it has already been entered in zone files. I
>>would like to enable it to update the SRV and CNAME entries in the "_"
>>zone files. DHCP so far has no problem registering PTR and A records for
>>IPs that it gives out. Do you see any conflicts with my config above?
>
> A few things I can suggest.
>
> 1) Run a packet sniffer on the BIND box to see what packets are
> arriving. Stop/start the Netlogon Service on the DC to force the
> DC to re-register its CNAME and SRV records.
Thanks Barry for your patience and help. I ran ethereal and captured the
following info (It's also included as an attachment in case the lines get
wrapped. Sorry). Do you see anything strange with this?
_msdcs.hq.arkonnetworks.com is clearly created, but not
xxx._msdcs.hq.arkonnetworks.com as I expect them to be created by DDNS
automatically.
No. Time Source Destination Protocol Info
157 6.683271 192.168.22.21 192.168.22.3 DNS Standard query SOA _ldap._tcp.dc._msdcs.hq.arkonnetworks.com
158 6.683461 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
159 6.686640 192.168.22.21 192.168.22.3 DNS Standard query SOA _tcp.dc._msdcs.hq.arkonnetworks.com
160 6.686737 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
161 6.689764 192.168.22.21 192.168.22.3 DNS Standard query SOA dc._msdcs.hq.arkonnetworks.com
162 6.689849 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
163 6.693387 192.168.22.21 192.168.22.3 DNS Standard query SOA _msdcs.hq.arkonnetworks.com
164 6.693485 192.168.22.3 192.168.22.21 DNS Standard query response SOA ns.hq.arkonnetworks.com
165 6.696381 192.168.22.21 192.168.22.3 DNS Standard query A ns.hq.arkonnetworks.com
166 6.696496 192.168.22.3 192.168.22.21 DNS Standard query response CNAME www.hq.arkonnetworks.com A 192.168.11.3 A 192.168.22.3
167 6.701378 192.168.22.21 192.168.22.3 DNS Standard query SOA _ldap._tcp.dc._msdcs.hq.arkonnetworks.com
168 6.701464 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
169 6.704746 192.168.22.21 192.168.22.3 DNS Standard query A ns.hq.arkonnetworks.com
170 6.704853 192.168.22.3 192.168.22.21 DNS Standard query response CNAME www.hq.arkonnetworks.com A 192.168.11.3 A 192.168.22.3
193 11.934288 192.168.22.21 192.168.22.3 DNS Standard query SOA _ldap._tcp.dc._msdcs.hq.arkonnetworks.com
194 11.934488 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
195 11.937659 192.168.22.21 192.168.22.3 DNS Standard query SOA _tcp.dc._msdcs.hq.arkonnetworks.com
196 11.937752 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
197 11.941656 192.168.22.21 192.168.22.3 DNS Standard query SOA dc._msdcs.hq.arkonnetworks.com
198 11.941751 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
199 11.944650 192.168.22.21 192.168.22.3 DNS Standard query SOA _msdcs.hq.arkonnetworks.com
200 11.944750 192.168.22.3 192.168.22.21 DNS Standard query response SOA ns.hq.arkonnetworks.com
201 11.951021 192.168.22.21 192.168.22.3 DNS Standard query SOA _ldap._tcp.dc._msdcs.hq.arkonnetworks.com
202 11.951103 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
203 11.955641 192.168.22.21 192.168.22.3 DNS Standard query A ns.hq.arkonnetworks.com
204 11.955770 192.168.22.3 192.168.22.21 DNS Standard query response CNAME www.hq.arkonnetworks.com A 192.168.11.3 A 192.168.22.3
>
> 2) Look for Event Log entries on the DC. The Netlogon Service should
> produce events if something fails.
It is not a DC yet. I'm still trying to finish upgrading from NT PDC to
W2K3 AD.
> 3) Insure that self-registration is ENABLED for the DC. If
> self-registration is disabled on a DC, the Netlogon process will
> not attempt to register its CNAME and SRV records. I have no idea
> why the MS code is written this way, as self-registration and
> CNAME/SRV record registrations are two different and unrelated DDNS
> activities. I am not sure if this case will produce Event Log
> entries, as you have told the operating system not to do DDNS.
I don't think I have disabled self-registration. May I ask how I check
that? Any hints are greatly appreciated.
Regards,
Norman Zhang
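
Added example, not part of the original post: a short Python reader for the Ethereal summary lines above. It pairs each query with its response to show the client walking up to the enclosing zone, looking up the SOA primary, and how many DDNS update packets follow. The function name `analyse` is hypothetical, and the "Dynamic update" label for opcode-5 packets is an assumption about the analyser's Info column.

```python
import re

# Packets 157-166 of the capture in the post (Ethereal summary view, unwrapped).
CAPTURE = """\
157 6.683271 192.168.22.21 192.168.22.3 DNS Standard query SOA _ldap._tcp.dc._msdcs.hq.arkonnetworks.com
158 6.683461 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
159 6.686640 192.168.22.21 192.168.22.3 DNS Standard query SOA _tcp.dc._msdcs.hq.arkonnetworks.com
160 6.686737 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
161 6.689764 192.168.22.21 192.168.22.3 DNS Standard query SOA dc._msdcs.hq.arkonnetworks.com
162 6.689849 192.168.22.3 192.168.22.21 DNS Standard query response, No such name
163 6.693387 192.168.22.21 192.168.22.3 DNS Standard query SOA _msdcs.hq.arkonnetworks.com
164 6.693485 192.168.22.3 192.168.22.21 DNS Standard query response SOA ns.hq.arkonnetworks.com
165 6.696381 192.168.22.21 192.168.22.3 DNS Standard query A ns.hq.arkonnetworks.com
166 6.696496 192.168.22.3 192.168.22.21 DNS Standard query response CNAME www.hq.arkonnetworks.com A 192.168.11.3 A 192.168.22.3
"""

ROW = re.compile(r"^\d+\s+[\d.]+\s+(\S+)\s+(\S+)\s+DNS\s+(.*)$")

def analyse(text):
    """Pair each query with the response that follows it and summarise the
    zone discovery a DDNS client performs before it sends an update."""
    out = {"nxdomain": [], "zone": None, "primary": None,
           "primary_addrs": [], "updates": 0}
    pending = None                      # (qtype, qname) awaiting a response
    for raw in text.splitlines():
        row = ROW.match(raw.strip())
        if not row:
            continue
        info = row.group(3)
        # Assumption: the analyser labels opcode-5 packets "Dynamic update".
        if info.startswith("Dynamic update"):
            out["updates"] += int("response" not in info)
        elif info.startswith("Standard query response"):
            if pending is None:
                continue
            (qtype, qname), pending = pending, None
            if "No such name" in info:
                out["nxdomain"].append(qname)
            elif qtype == "SOA" and (soa := re.search(r"\bSOA (\S+)", info)):
                out["zone"], out["primary"] = qname, soa.group(1)
            elif qtype == "A" and qname == out["primary"]:
                out["primary_addrs"] = re.findall(r"\bA (\d+(?:\.\d+){3})", info)
        elif (q := re.match(r"Standard query (\S+) (\S+)$", info)):
            pending = q.groups()
    return out

if __name__ == "__main__":
    for key, value in analyse(CAPTURE).items():
        print(f"{key}: {value}")
```

On the lines shown, the zone resolves to `_msdcs.hq.arkonnetworks.com` with primary `ns.hq.arkonnetworks.com`, and the update count is zero.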