Setup W2k Active Directory with BIND
1marc1 at gmail.com
1marc1 at gmail.com
Tue Aug 16 23:44:12 UTC 2005
Dear all,
For the past few days I have been trying to run dcpromo on a W2k box,
which uses BIND rather than MS-DNS. I found (and used) much
documentation on the internet (including this newsgroup) on how to set
this up. I also have a copy of the fourth edition of O'Reilly's "DNS
and BIND" by Paul Albitz and Cricket Liu, which explains the topic
clearly, however I keep running into the same problem: dcpromo tells
me:
The wizard cannot contact the DNS server that handles the name
"win2k.example.com" to determine if it supports dynamic update. Confirm
your DNS configuration, or install and configure a DNS server on this
computer.
I am running BIND 9.2.5 and the Windows 2000 box has Service Pack 4
installed. The IP address of the BIND server is 10.0.2.4. Its name is
bind.example.com and a CNAME record named ns1.example.com points to it.
The IP address for the W2k box is 10.0.2.5. My main domain is
"example.com" (for purposes of non-disclosure) and I am trying to get
the Windows box registered in "win2k.example.com". The Windows machine
also has its Primary DNS suffix set to win2k.example.com.
I have included my configuration files below. Any suggestions and help
are greatly appreciated!
===============
/etc/named.conf
===============
logging {
channel logfile {
file "/var/log/named";
print-time yes;
severity info;
print-category yes;
print-severity yes;
};
category "default" { "logfile"; };
};
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
listen-on { 127.0.0.1; 10.0.2.4; };
statistics-file "/var/named/data/named_stats.txt";
notify yes;
forward first;
forwarders {
<isp dns server 1>;
<isp dns server 2>;
};
};
acl "win2kservers" {
10.0.2.5;
};
key "rndckey" {
algorithm hmac-md5;
secret "<snipped>";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
zone "example.com" {
type master;
notify yes;
file "pz/example.com";
allow-update { "win2kservers"; };
};
// Windows 2000 servers' zone files for active directory
zone "win2k.example.com" {
type master;
notify yes;
file "pz/win2k.example.com";
allow-update { "win2kservers"; };
};
// NOTE: I have also tried the format: zone "_msdcs.example.com" {},
// but that also does not resolve the issue.
zone "_msdcs.win2k.example.com" {
type master;
notify yes;
file "pz/_msdcs.win2k.example.com";
allow-update { "win2kservers"; };
};
zone "_sites.win2k.example.com" {
type master;
notify yes;
file "pz/_sites.win2k.example.com";
allow-update { "win2kservers"; };
};
zone "_tcp.win2k.example.com" {
type master;
notify yes;
file "pz/_tcp.win2k.example.com";
allow-update { "win2kservers"; };
};
zone "_udp.win2k.example.com" {
type master;
notify yes;
file "pz/_udp.win2k.example.com";
//check-names ignore;
allow-update { "win2kservers"; };
};
// End Windows 2000 servers' zone files for active directory
zone "2.0.10.in-addr.arpa" {
type master;
notify no;
file "pz/2.0.10";
allow-update { "win2kservers"; };
};
===============================
/var/named/pz/win2k.example.com
===============================
$ORIGIN .
$TTL 259200 ; 3 days
win2k.example.com IN SOA ns1.example.com. bind.example.com. (
200508169 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns1.example.com.
======================================
/var/named/pz/_msdcs.win2k.example.com
======================================
$ORIGIN .
$TTL 259200 ; 3 days
_msdcs.win2k.example.com IN SOA ns1.example.com. bind.example.com. (
200508172 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns1.example.com.
==========================
The files _sites.win2k.example.com, _tcp.win2k.example.com and
_udp.win2k.example.com take on the same format as
_msdcs.win2k.example.com.
More information about the bind-users
mailing list