bind as slave DNS to windows AD dns server

Aleksander Kamenik

May 21, 2009, 6:49:31 AM
Hi,

I'm trying to set up BIND named to be a slave of an MS Windows 2008 server's
AD domain.

I set it up to be the slave and it works fine and I can resolve A records
from the domain on the slave bind. However I can't resolve some SRV
records like

_ldap._tcp.dc._msdcs.DOMAIN

Without this functionality a windows PC is unable to connect to the
windows domain.

At first it looked like the Windows DNS server gave BIND a partial zone
file. Later after some googling I realized it has something to do with
dynamic updates which I don't know how to set up and am not familiar with.

Most google replies deal with setting up bind as the master server. Is
it at all possible for BIND to act as a slave and forward the SRV
updates to the master? If so, please point me to relevant documentation.

Regards,

--

Aleksander Kamenik
System Administrator
Krediidiinfo AS
an Experian Company
Phone: +372 665 9649
Email: aleks...@krediidiinfo.ee

http://www.krediidiinfo.ee/
http://www.experiangroup.com/
_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

b19...@anl.gov

May 21, 2009, 8:57:54 AM
Aleksander Kamenik <aleks...@krediidiinfo.ee> wrote:

>I'm trying to set up BIND named to be a slave of an MS Windows 2008 server's
>AD domain.
>
>I set it up to be the slave and it works fine and I can resolve A records
>from the domain on the slave bind. However I can't resolve some SRV
>records like
>
>_ldap._tcp.dc._msdcs.DOMAIN
>
>Without this functionality a windows PC is unable to connect to the
>windows domain.
>
>At first it looked like the Windows DNS server gave BIND a partial zone
>file. Later after some googling I realized it has something to do with
>dynamic updates which I don't know how to set up and am not familiar with.
>
>Most google replies deal with setting up bind as the master server. Is
>it at all possible for BIND to act as a slave and forward the SRV
>updates to the master? If so, please point me to relevant documentation.

What zones are you slaving on your BIND server? There should be six:

DomainDNSZones.example.com
ForestDNSZones.example.com
_msdcs.example.com
_sites.example.com
_tcp.example.com
_udp.example.com

If you have these six zones slaved on your BIND server, and these zones
are being transferred successfully, then there should be no problems.
See the archives of this list, where there have been many
BIND/AD-related postings over the past years.

You wrote:

Is it at all possible for BIND to act as a slave and forward the
SRV updates to the master?

I am not sure what you mean? The Windows Domain Controllers will send
any SRV updates to the Windows DNS Server, if the AD structure is
properly configured. Client machines might ask your BIND servers for
SRV information, but the DCs should not be sending dynamic DNS updates
to your BIND slave for SRV records.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFi...@anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
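
An added example, not part of either poster's messages: a POSIX shell check for the situation in this thread, listing which of the six zones named in the reply above have no slave zone statement in a named.conf. The domain example.com, the master address 192.0.2.10 and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# The six zone names from the reply, for a given AD domain.
ad_zone_names() {
    domain=$1
    for prefix in DomainDNSZones ForestDNSZones _msdcs _sites _tcp _udp; do
        printf '%s.%s\n' "$prefix" "$domain"
    done
}

# Print (lowercased) every zone declared "type slave" or "type secondary".
slave_zones_in_conf() {
    awk '
        { sub(/(\/\/|#).*/, "") }                     # drop // and # comments
        match($0, /zone[ \t]+"[^"]+"/) {              # remember current zone
            zone = substr($0, RSTART, RLENGTH)
            sub(/^zone[ \t]+"/, "", zone); sub(/"$/, "", zone)
        }
        /type[ \t]+(slave|secondary)[ \t]*;/ && zone != "" {
            print tolower(zone); zone = ""
        }
    ' "$1"
}

# Print the expected zones that the config does not slave (DNS names are
# case-insensitive, so compare in lower case).
missing_ad_zones() {
    have=$(slave_zones_in_conf "$1")
    ad_zone_names "$2" | while read -r z; do
        lz=$(printf '%s' "$z" | tr 'A-Z' 'a-z')
        printf '%s\n' "$have" | grep -qxF -- "$lz" || printf '%s\n' "$z"
    done
}

# Constructed sample: only the parent zone and _msdcs are slaved.
sample_conf() {
    cat <<'EOF'
zone "example.com" { type slave; masters { 192.0.2.10; }; file "slaves/example.com"; };
zone "_msdcs.example.com" {
    type slave;
    masters { 192.0.2.10; };   // constructed address of the AD DNS server
    file "slaves/_msdcs.example.com";
};
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && missing_ad_zones "$tmp" example.com
rm -f "$tmp"
```

Run against a real configuration with `missing_ad_zones /path/to/named.conf your.ad.domain`; an empty result means all six zones have slave statements, not that the transfers themselves succeeded.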

Aleksander Kamenik

May 21, 2009, 3:18:33 PM
b19...@anl.gov wrote:
> Aleksander Kamenik <aleks...@krediidiinfo.ee> wrote:
>
>> I'm trying to set up BIND named to be a slave of an MS Windows 2008 server's
>> AD domain.
>>
>> I set it up to be the slave and it works fine and I can resolve A records
>> from the domain on the slave bind. However I can't resolve some SRV
>> records like
>>
>> _ldap._tcp.dc._msdcs.DOMAIN
>>
>> Without this functionality a windows PC is unable to connect to the
>> windows domain.
>>
>> At first it looked like the Windows DNS server gave BIND a partial zone
>> file. Later after some googling I realized it has something to do with
>> dynamic updates which I don't know how to set up and am not familiar with.
>>
>> Most google replies deal with setting up bind as the master server. Is
>> it at all possible for BIND to act as a slave and forward the SRV
>> updates to the master? If so, please point me to relevant documentation.
>
> What zones are you slaving on your BIND server? There should be six:
>
> DomainDNSZones.example.com
> ForestDNSZones.example.com
> _msdcs.example.com
> _sites.example.com
> _tcp.example.com
> _udp.example.com
>

Ok, understood. I had only example.com slaved, turns out I have to get
the subdomains instead. I'll try this when I get to work. Thanks!

> If you have these six zones slaved on your BIND server, and these zones
> are being transferred successfully, then there should be no problems.
> See the archives of this list, where there have been many
> BIND/AD-related postings over the past years.
>
> You wrote:
>
> Is it at all possible for BIND to act as a slave and forward the
> SRV updates to the master?
>
> I am not sure what you mean? The Windows Domain Controllers will send
> any SRV updates to the Windows DNS Server, if the AD structure is
> properly configured. Client machines might ask your BIND servers for
> SRV information, but the DCs should not be sending dynamic DNS updates
> to your BIND slave for SRV records.

Ok, got it.

Regards,

--

Aleksander Kamenik
System Administrator
Krediidiinfo AS
an Experian Company
Phone: +372 665 9649
Email: aleks...@krediidiinfo.ee

http://www.krediidiinfo.ee/
http://www.experiangroup.com/
