Hi
My company moved to a 2008R2 Domain Controller environment. Now I see the
following message in the Windows log:
Title: This domain controller must register its correct IP addresses with the
DNS server
Severity: Error
Category: Configuration
Issue: The Domain Name System (DNS) host resource
Hello Christian,
On 1/3/12 11:00 AM, Melbinger Christian wrote:
So this is presumably not a problem of the bind servers themselves,
but still, does anyone have an idea how to get rid of the error
messages?
Anyone know the checkbox to unset? I
Hello
Thanks for your answer, but unfortunately that's not the case.
When I do a nslookup like nslookup internal.wienit.at, I get back the IPs of
the DCs, speaking
Addresses: 10.4.4.4, 10.5.5.5
The error message
The invalid IP addresses are 10.1.1.1; 10.2.2.2.
is pointing towards the
On Tue, Jan 3, 2012 at 4:00 AM, Melbinger Christian
christian.melbin...@wienit.at wrote:
Hi
My company moved to a 2008R2 Domain Controller environment. Now I see the
following message in the Windows log:
*Title*: This domain controller must register its correct IP
The DC must not only be allowed to update his A, (if applicable) and PTR
records, he must also be able to update his SRV and TXT records. Please add the
DC to the ACL for allow-updates on the zone that corresponds to the AD
Domain/Kerberos zone, and then confirm that it is working by
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk:
On 21.12.11 19:21, Peter Andreev wrote:
I think that if server is authoritative - and - slave-only it should
use system resolver rather than querying by itself.
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk:
BIND will not use system
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote:
If the system resolver is good enough for every other application
running on the system, it should be good enough for BIND.
Why not at least allow this as an option?
In article mailman.656.1325532888.68562.bind-us...@lists.isc.org,
Chuck
In article mailman.665.1325598835.68562.bind-us...@lists.isc.org,
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote:
If the system resolver is good enough for every other application
running on the system, it should be good enough for BIND.
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk:
I don't see your point now. I'm afraid that you will have to live with the
fact that you can not disable sending queries from BIND when it needs them,
you can only prevent it by configuring BIND (so it will not need them) or
firewall such
On 01/03/12 07:53, Peter Andreev wrote:
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk:
On 21.12.11 19:21, Peter Andreev wrote:
I think that if server is authoritative - and - slave-only it should
use system resolver rather than querying by itself.
2012/1/2 Matus UHLAR -
What A records map to those IP addresses listed (10.1.1.1, 10.2.2.2)?
only their own name, nothing more
Are there any same as zone records that point to your DC IPs? (this is
common if DNS is AD integrated)
yes
internal.wienit.at is a round robin to all DC IPs
gc._msdcs.internal.wienit.at is
According to syslog the DCs do update tons of records all the time... A, PTR,
SRV.
I didn't regulate them. Their IPs are allowed to do any updates.
---
Ing. Christian Melbinger
Netzwerk Security
WienIT EDV Dienstleistungsgesellschaft mbH Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1)
2012/1/3 Matus UHLAR - fantomas uh...@fantomas.sk:
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk:
I don't see your point now. I'm afraid that you will have to live with
the
fact that you can not disable sending queries from BIND when it needs
them,
you can only prevent it by
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote:
Unfortunately as I am learning BIND more, I understand that it is not
very suitable for my requirements.
Which are? I've been trying to understand what the actual problem you are
trying to solve might be.
Regards,
--
-Chuck
In article mailman.668.1325603242.68562.bind-us...@lists.isc.org,
Lyle Giese l...@lcrcomputer.net wrote:
For instance, I want to attach to the server using VNC or SSH for
maintenance. By default, they want to do a reverse lookup of your ip
address before allowing access. Now you wait
2012/1/3 Chuck Swiger cswi...@mac.com:
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote:
Unfortunately as I am learning BIND more, I understand that it is not
very suitable for my requirements.
Which are? I've been trying to understand what the actual problem you are
trying to solve might be.
There is a bug in Windows 2008 R2 which prevents correct registration to
BIND dns servers. See http://support.microsoft.com/kb/2002490 for the
hotfix to apply. Unfortunately, this hotfix still does not correct the
behavior. Windows 2008 R2 registers the record first. This record
is
On 1/2/2012 2:16 PM, Barry Margolin wrote:
In article mailman.654.1325531095.68562.bind-us...@lists.isc.org,
Kevin Darcy k...@chrysler.com wrote:
I agree with Matus. BIND should be as self-sufficient as possible, and
not make any assumptions about the capability of and/or the data it
expects
On 1/3/12 12:46 PM, Kevin Darcy k...@chrysler.com wrote:
Those server folks have strange ideas about name resolution. Strange
enough that sometimes I don't even understand what the hell they are
trying to accomplish.
In all fairness, lots of folks have strange ideas. We should start with
If you want named to be authoritative only set recursion no; or
allow-recursion { none; } or allow-query-cache { none; }; and
no data will be returned from the cache. allow-recursion and
allow-query-cache cross inherit from each other.
If you only want master zones to send notify messages then
Good morning all,
it's many days now that I observed the warning view message during the
rndc reload process:
Jan 4 07:01:09 ns1 named[920]: received control channel command 'reload'
Jan 4 07:01:09 ns1 named[920]: loading configuration from
'/etc/bind/named.conf'
Jan 4 07:01:09 ns1 named[920]:
In message 4f03dddf.6070...@metropolitanstaff.co.za, Eric Kom writes:
Good morning all,
it's many days now that I observed the warning view message during the
rndc reload process:
Jan 4 07:01:09 ns1 named[920]: received control channel command 'reload'
Jan 4 07:01:09 ns1 named[920]:
Hello,
I learn network administration and like to configure my network to do:
workstation - ns.intra.mydomain.com - ns.mydomain.com
currently I have following configs:
workstation:
--( /etc/resolv.conf )--
search intra.mydomain.com
nameserver
2012/1/4 Mark Andrews ma...@isc.org:
If you want named to be authoritative only set recursion no; or
allow-recursion { none; } or allow-query-cache { none; }; and
no data will be returned from the cache. allow-recursion and
allow-query-cache cross inherit from each other.
If you only want