I got Win2k3 AD setup and working just fine in our testbed with Bind DNS on Fedora core 1.
I copied the zone files and conf file to our production DNS and fired up our new win2k3 AD server.
But it's not working and it's driving me crazy.
I'm not even showing anything in the DNS logs to show that the AD server is even trying to register its DNS entries. However, DNS itself is working fine, just the dynamic updates don't work.
See anything wrong?
Win2k3 Domain controller setup
DNS - Preferred DNS server - Linux DNS server
secondary - none
DNS is installed on this server and only has secondary zones.
Register this connection in DNS is checked
Linux DNS server
Bind is installed and working. The only thing not working is dynamic updates. Zones are being transferred to MS DNS on the AD server just fine.
Conf file:
acl ADservers {
    10.10.1.10;
};

options {
    directory "/var/named";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    listen-on { 10.10.1.40; 127.0.0.1; }; // believe req to listen for updates
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
    type hint;
    file "root.hints";
};

zone "blah.com" {
    type master;
    file "blah.com";
    allow-transfer { 10.10.44.2; 10.10.70.40; 10.10.44.4; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "1.10.10.in-addr.arpa" {
    type master;
    file "10.10.1";
    allow-transfer { 10.10.1.40; 10.10.70.40; 10.10.44.4; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pzz/127.0.0";
};

// Special AD zones required for blah.com
zone "_msdcs.blah.com" {
    type master;
    file "_msdcs.blah.com";
    // allow-transfer { 10.10.1.40; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "_sites.blah.com" {
    type master;
    file "_sites.blah.com";
    allow-transfer { 10.10.1.40; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "_tcp.blah.com" {
    type master;
    file "_tcp.blah.com";
    allow-transfer { 10.10.1.40; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "_udp.blah.com" {
    type master;
    file "_udp.blah.com";
    allow-transfer { 10.10.1.40; 10.10.1.10; };
    allow-update { ADservers; };
};

zone "ForestDnsZones.blah.com" {
    type master;
    file "ForestDnsZones.blah.com";
    allow-transfer { 10.10.1.40; 10.10.1.10; };
};
Zone file:
$ORIGIN .
$TTL 3600
blah.com    IN SOA blah.com. blah.blah.com. (
                2005100701 ; serial
                10800      ; refresh
                3600       ; retry
                604800     ; expire
                400 )      ; default_ttl
            IN NS dns.blah.com.
            IN NS win2k3.blah.com.
$ORIGIN blah.com.
$TTL 400
            IN MX 10 pop3
            IN MX 20 mail01
;localhost  A 127.0.0.1
server1     IN A 10.10.1.7
server2     IN A 10.10.1.55
server3     IN A 10.10.1.52
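The script below is an added example and not part of the post above. It does two things a reader with this setup would want to check offline: it parses the posted zone file (embedded as a constructed copy with indentation restored, using only the names and addresses quoted in the post) and reports whether the SOA MNAME and the NS names have A records, since a Windows dynamic-update client looks up the zone's SOA and sends its UPDATE to the server named in MNAME; and it builds a raw RFC 2136 UPDATE message and decodes the RCODE of a reply, so the exchange that `allow-update { ADservers; }` has to accept can be seen byte for byte. `send_update` is a hypothetical convenience wrapper for use against a lab server. One caveat the example makes visible: an address-based `allow-update` ACL trusts nothing but the UDP source address of such a packet, which is why TSIG or GSS-TSIG keys are the preferred way to authorise updates.

```python
"""Added example (not from the post): offline checks for a BIND zone that must
accept Windows AD dynamic updates, plus a raw RFC 2136 UPDATE builder."""
import socket
import struct

# Constructed copy of the posted zone, indentation restored.
ZONE_TEXT = """\
$ORIGIN .
$TTL 3600
blah.com IN SOA blah.com. blah.blah.com. (
        2005100701 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        400 )      ; minimum
        IN NS dns.blah.com.
        IN NS win2k3.blah.com.
$ORIGIN blah.com.
$TTL 400
        IN MX 10 pop3
server1 IN A 10.10.1.7
"""

KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "SRV", "TXT"}


def parse_zone(text):
    """Minimal master-file parser: handles $ORIGIN, owner-name inheritance and
    parenthesised multi-line records; collects SOA MNAME, NS names, A records."""
    origin, last_owner = ".", None
    zone = {"soa_mname": None, "ns": [], "a": {}}

    def fqdn(name):
        if name.endswith("."):
            return name
        return name + "." if origin == "." else name + "." + origin

    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # strip ; comments
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line
        if buf.count("(") > buf.count(")"):         # still inside ( ... )
            continue
        records.append(buf)
        buf = ""

    for rec in records:
        toks = rec.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0].startswith("$"):
            continue
        # Owner is omitted when the line is indented or starts at class/type
        # (forum pastes lose indentation, so accept both forms).
        if rec[0] in " \t" or toks[0].upper() in KNOWN_TYPES | {"IN"}:
            owner = last_owner
        else:
            owner, toks = fqdn(toks[0]), toks[1:]
        last_owner = owner
        while toks and (toks[0].upper() == "IN" or toks[0].isdigit()):
            toks = toks[1:]                         # skip class and TTL
        if not toks:
            continue
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":
            zone["soa_mname"] = fqdn(rdata[0])
        elif rtype == "NS":
            zone["ns"].append(fqdn(rdata[0]))
        elif rtype == "A":
            zone["a"][owner] = rdata[0]
    return zone


def check_update_targets(zone):
    """Names an update client must resolve before it can send anything:
    the SOA MNAME (update target) and each NS. In-zone names need an A record."""
    problems = []
    if zone["soa_mname"] not in zone["a"]:
        problems.append("SOA MNAME %s has no A record in the zone" % zone["soa_mname"])
    for ns in zone["ns"]:
        if ns not in zone["a"]:
            problems.append("NS %s has no A record in the zone" % ns)
    return problems


def encode_name(name):
    """Wire-format domain name: length-prefixed labels, terminated by 0."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def build_update(zone_name, owner, ip, ttl=3600, msg_id=0x1234):
    """RFC 2136 UPDATE (opcode 5) adding one A record: zone section with one
    SOA entry, empty prerequisite section, one RR in the update section."""
    header = struct.pack("!HHHHHH", msg_id, 0x2800, 1, 0, 1, 0)
    zone_sec = encode_name(zone_name) + struct.pack("!HH", 6, 1)   # SOA, IN
    rdata = socket.inet_aton(ip)
    update = encode_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_sec + update


RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP",
          5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH",
          10: "NOTZONE"}


def reply_rcode(msg):
    """Low four bits of the flags word; REFUSED is what an ACL miss returns."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return RCODES.get(flags & 0xF, str(flags & 0xF))


def send_update(server, msg, timeout=3.0):
    """Hypothetical helper: fire the UPDATE at a lab server and report RCODE."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return reply_rcode(s.recv(512))


if __name__ == "__main__":
    for p in check_update_targets(parse_zone(ZONE_TEXT)):
        print("WARN:", p)
    print(build_update("blah.com.", "win2k3.blah.com.", "10.10.1.10").hex())
```

Run as-is it only parses the embedded zone and prints the UPDATE in hex; call `send_update("10.10.1.40", msg)` from the host listed in the `ADservers` ACL to see NOERROR, and from any other host to see REFUSED, which is the quickest way to tell an ACL problem from a client that never sends the update at all.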