Active Directory Munging the SOA

Kevin Darcy kcd at
Thu Jan 20 23:20:08 UTC 2005

Max Clark wrote:

>Hi all,
>I am currently running BIND 9.2.3-13 on RedHat Linux. We are integrating 
>Windows Active Directory in our environment and need to keep BIND as the 
>authoritative source for the zone. Dynamic updates are configured and do 
>work correctly (what a mess AD creates), however, periodically the 
>nameserver stops resolving names in the zone.
>The error in the name resolution of the zone has been traced twice to 
>two different errors in the SOA, the first time the semi-colon 
>terminating the SOA record was missing, the second time the "." 
>following the domain name at the beginning of the SOA record was missing.
>I cannot find anything in the configuration of either the BIND server or 
>the Active Directory server to suggest what is causing this. Is this a 
>known issue? How do I fix this problem (if I can't we will have to run 
>Windows DNS)?

Are you trying to manually update the zone files at the same time named 
is writing (or is free to write) Dynamic Updates to it? Don't do that. 
You'll have to do all of your updates through Dynamic Update now.

                                             - Kevin

