BIND9 dns server and windows domain/clients

user · September 24, 2008, 8:33pm

Here comes my complicated or maybe not so complicated BIND9 question.

How do I let Windows clients to update there own A host records in BIND9?

I want to use BIND as a dns server for my windows2003 domain. For that my windows2003 server needs to be able to update the dns zone file.

now here is the windows help file i found on how to do this. Microsoft Corporation

basicly it said that this should be configured in your named.conf file.

Options { 
    directory "/etc/namedb";    //Working directory 
}; 
//Zone entry for my Active Directory domain ad.mydom.com. 
Zone "ad.mydom.com" IN { 
type master; 
file "db.ad.mydom.com"; 
allow-update { 4.2.2.3; dc2.; }; 
};

I’ll post my named.conf and my zone file at the end of the post.

now here is what i can do with my current DNS server.

I can ping the dns server and the windows2003 server by IP.
I can look up the ip of dns server in a windows client with the command “nslookup”.
I can ping the DNS server with its FQDN.
When promoting windows server2003 to domain controller it passes on the DNS diagnostic tool.
(this tool checks if the dns is corectly configured for dns updates)

Here is what I can’t do.
After the command: ipconfig /registerdns
the event viewer comes with a dns error

Event Type:	Warning
Event Source:	DnsApi
Event Category:	None
Event ID:	11165
Date:		24-9-2008
Time:		19:13:31
User:		N/A
Computer:	WINSRVXXXX
Description:
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {46338779-1A0A-4AF0-944D-C1A8CB00C4EF}
   Host Name : winsrvxxxx
   Primary Domain Suffix : pika.lan
   DNS server list :
     	192.168.2.2
   Sent update to server : 192.168.2.2
   IP Address(es) :
     192.168.2.7

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

 To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..

Wich means its somehow didn’t register with the dns.
Wich means I can’t ping the win2003 server by its FQDN

Here is some info on the systems.
Both are in Vmwareworkstation 6.5
The linux version is open suse 11.0 but I have Had the same problem in 10.3
static ip’s no DHCP

Here is the named.conf followed by the zone file.

## /etc/named.conf
options {

	directory "/var/lib/named";

	dump-file "/var/log/named_dump.db";
	statistics-file "/var/log/named.stats";

	listen-on-v6 { any; };

	notify no;
};

zone "." in {
	type hint;
	file "root.hint";
};

zone "localhost" in {
	type master;
	file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "127.0.0.zone";
};

zone "pika.lan" in {
	type master;
	file "pika.zone";
	allow-update { any; };
};

include "/etc/named.conf.include";

And here is the zone file.

$TTL 1W
@		IN	SOA   dns.pika.lan. niels.pika.lan. (
				42		; serial (d. adams)
				2D		; refresh
				4H		; retry
				6W		; expiry
				1W )		; minimum

@		IN	NS	dns.pika.lan.
dns		IN	A	192.168.2.2

As far as I know this should allow me to to let any computer update the dns server.

There could be a mistake in the zone file if so point it out I never made those from scratch before so …

So, is there some option i am missing that would allow windows to update its own recors in the DNS?

Is this posible at all ?

As this is a test setup I don’t care about security.
I just want it to work.
And I have other means to make it secure either way.

quick recap.
Let windows clients update there own A Host information. How?

Thanks ahead,
Shikon

Markos · December 18, 2013, 6:45pm

Hello,

I wonder if you have ever managed to resolve this. I am facing the very same problem now and I haven’t found much information on this topic on the Internet.

Thanx.

(Sorry for digging up this old thread)

tsu2 · December 18, 2013, 7:20pm

Well,
Your situation might be different, especially considering that the OP implemented a Win2K3 Domain (It’s likely later AD use different version IDs in the original config file).

Aside from that,

The original DNS config file appears to setup a “Master” ie. the First DNS server in the Domain.
I haven’t done an update as this thread describes, but someone needs to investigate whether the described DNS update error is because another authoritative DNS server doesn’t exist or if the DNS server isn’t able to update data from DHCP and a DC. If the former it’s of course! If it’s the latter, then…
Is the Linux DNS server already a member of the AD? You’d think so because it holds DNS records but I can imagine how things might get muddled when setting up a Linux machine manually to provide Network Services normally provided by Windows machines. Of course, this “Are you already a member of the AD?” issue is never an issue in an “all Windows” setup.

So, bottom line is that I’m imagining issues that could exist at two levels… There is fairly typical DNS records replication which operates not too differently than ordinary DNS replication but with added AD authentication, but in an AD/LDAP Domain, there is a tight relationship between Domain Controllers, DHCP and DNS. A properly working, healthy Domain involves continuous communication and updating between all three Network Services, but if there is a mistake or flaw setting up it might not have been noticed except by an experienced, attentive Domain Admin before and is apparent only now.

TSU