DG dgouldth at csc.com
Thu Mar 31 15:58:31 UTC 2005

We have Windows XP clients, utilising dhcp from a QIP server. The
clients are members of an AD domain (eg Example.net), hence their
primary dns suffix is Example.net

Dhcp gives out option 81 to allow the dhcp server to update dns. It
also assigns them a dhcp domain (ie BuildingLocation.co.uk).

QIP also hosts DNS and is authoritative for all zones except the AD
domain Example.net. QIP also hosts the reverse lookup zones. The AD
DCs are running AD integrated DNS and are authoritative for the AD
domain. QIP contains delegations for the AD zone.

When a client receives an ip from dhcp, QIP is able to successfully
register the PTR record, and the hostname within the dhcp domain.
However, when it tries to register the hostname record in AD's
Example.net zone it fails.

I haven't seen the network traces yet, but our n/wk guys (who look
after QIP) tell me they can see the QIP server asking the AD dns server
if it is authoritative for Example.net, the AD server replies that it
is, the QIP server attempts to send the update then... nothing. And the
update never appears.

The AD dns servers are a mixture of 2000 and 2003, and are all set to
"allow dynamic update - yes" (on 2000 boxes) and "allow dynamic update
- secure and nonsecure" (on 2003 boxes).

Is anyone else running a similar config? If so, did you have a similar
problem and how was it resolved? I'm going to turn on full debug
logging on the AD dns server, but the problem is A) we have 40+ of them,
B) the n/wk guys mentioned QIP has a list of AD dns servers it
tries to send the updates to, and they can't guarantee which AD dns
server(s) in the list it will send to, and C) QIP apparently doesn't send
the update to AD dns straight away - it waits a certain period of time.

All help appreciated. For info, this dynamic update from QIP to AD dns
has never worked, so it's not something that's recently changed.
