We use a type of ACL for our Bind stuff. Only our DCs have the
"rights" to do dynamic updates to our AD zone on the bind server.
Other hosts are updated in DNS via the DHCP server (Cisco) or other
processes. The access rights are based on the source IP address. Not
100% secure but it has worked well for us so far (knock on wood). DCs are
still at Win2K.
Diane
-----Original Message-----
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 3:35 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 2003 DC issueDoes BIND provide for ACLs on RRs? I didn't know that...-gGil Kirkpatrick
CTO, NetPro-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 12:40 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 2003 DC issueWhile you're checking that, you might also want to check that your new server is not prevented from creating new records by ACLs on the BIND server. Should show in the logs, but it would be good to check.Al-----Original Message-----
From: Chris Flesher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 12:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 2003 DC issueSame Bind server.Unfortunately, I don't run the Bind server. I'll talk with the powers that be and get a response if anything looked weird.Did not run NETMON, but will to see more.Thanks for the leads. I'll let you know how it goes.-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, September 10, 2003 11:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 2003 DC issueThe only change in 2003 re SRV publication that I can recall is that the default update interval is 15 minutes in W2K3 vs. 60 minutes in W2K.Some questions:Is it the same BIND server that worked with W2K?Did you check the BIND logs?And if there was nothing there, did you run NETMON or some other network trace program?-gil-----Original Message-----
From: Chris Flesher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 7:43 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Windows 2003 DC issueWe started playing with 2003 in our test environment. We came across a problem with how dynamic updates are done on 2003. Dynamic updates are done on a Sun Bind server. For some reason, the SRV records would not update on the Bind server. However, we can do dynamic update on 2000 DC to the Bind DNS. I'm just wondering if there is something new in 2003 with regards to how SRV records are created? Or maybe I'm just missing something completely. Any ideas would be appreciated. We ended up using 2003 DNS for the DC's. That worked, but isn't a representation of how production will be.Chris FlesherThe University of ChicagoNSIT/DCS1-773-834-8477
