bind not talking to Active Directory (1165 Event ID)

Kevin Darcy kcd at chrysler.com
Fri Oct 12 20:05:21 UTC 2007 

The "underscored subdomain" approach is only supposed to accommodate the 
SRV records that are registered automatically at AD Domain Controller 
promotion time (and periodically thereafter).

In contrast, when you invoke "ipconfig /registerdns" you're telling 
*Windows* (not Active Directory) to register the IP address of the local 
box in the DNS server. It's trying to register <windows server 
name>.dev.example.com in (presumably) the dev.example.com zone which a) 
is probably not set for Dynamic Update at all, and b) even if you had an 
allow-update for the zone, wouldn't be able to accept a GSS-TSIG-signed 
update, which would be what is generated, by default, from a Windows 
box. It's also possible that the Dynamic Update for the reverse record 
is what's failing.

If you're not seeing SRV records in your subdomains, then that's a 
_different_ problem from the ipconfig /registerdns (non-)problem, and 
I'd start by reading the AD documentation to see how you can "goose" 
that SRV-record-registration process (I'm not familiar enough with AD to 
know how to do that). Look in the logs on the BIND side as well.

                                                                         
                     - Kevin

Juan Miscaro wrote:
> I am trying to set up a typical DDNS, DHCP, AD arrangement.  So far,
> DDNS & DHCP is working.  I am now encountering some resistance in
> having DDNS & AD work together.
>
> I'm running bind 9 on Ubuntu 7.04 and my AD is with a Windows 2003
> Server.
>
> The bind is master for the various AD SRV domains (ex:
> _tcp.dev.example.com).  From /etc/bin/named.conf.local:
>
> zone "_tcp.dev.example.com" IN {
>        type master;
>        file "/etc/bind/_tcp.dev.example.com.zone";
>        allow-update { <windows server IP address>; };
>        notify yes;
> };
>
> When I try to register my AD records on the Windows server (ipconfig
> //registerdns) it complains:
>
> Event Type: Warning
> Event Source: DnsApi
> Event Category: None
> Event ID: 11165
> Date: 10/10/2007
> Time: 9:04:53 AM
> User: N/A
> Computer: <windows server hostname>
> Description:
> The system failed to register host (A) resource records (RRs) for
> network adapter
> with settings:
>
> Adapter Name : {88065037-BE3E-4EA6-9E1E-FBC90CE6B231}
> Host Name : <windows server hostname>
> Primary Domain Suffix : dev.example.com
> DNS server list :
> <bind server IP address>
> Sent update to server : <?>
> IP Address(es) :
> <windows server IP address>
>
>
> What I'm wondering about is this line:
>
> Sent update to server : <?>
>
> I can provide more information for those interested in helping.
>
> // juan
>
>
>
>       Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com
>
>
>
>
>

More information about the bind-users mailing list