I have confirmed that this is indeed the solution and that it works.
For posterity here's what I did.
I enabled Zone transfers under DNS > Forward Lookup Zones >
_msdcs.example.com > Properties > Zone Transfers and tested that from
the Linux machine with:
$ dig -t AXFR _msdcs.example.com @192.168.1.1
Then I added the following to the Linux named.conf (in addition to the
other slave zone for example.com):
zone "_msdcs.example.com" IN {
    type slave;
    file "data/slave-_msdcs.example.com";
    masters { 192.168.1.1; };
};
and restarted named. Then I tested with:
$ dig -t SRV _ldap._tcp.dc._msdcs.example.com
Thanks,
Mike
On Mon, 4 Dec 2006 10:06:10 -0800 (PST)
Hans Halbmayr <[EMAIL PROTECTED]> wrote:
> Usually dcpromo creates all these zones. Windows creates these zones in a
> forest partition. If you have a linux DNS server just create another slave
> zone of _msdcs.example.com. The gray one is only the delegation.
>
> Hans
>
>
> ----- Original Message ----
> From: Michael B Allen <[EMAIL PROTECTED]>
> To: [email protected]
> Cc: [EMAIL PROTECTED]
> Sent: Saturday, December 2, 2006 5:39:26 PM
> Subject: Re: [ActiveDir] _msdcs not propagated in AXFR
>
>
> Ok, so basically _msdcs is just a separate zone. Do Windows DNS setups
> usually do this? I'm using SBS.
>
> I have a bind DNS server running on a linux machine with a slave zone
> for example.com. The AXFR doesn't have those records (aside from the
> NS record). So what you're saying is that I need to set up another slave
> zone for the _msdcs subdomain?
>
> Mike
>
> On Sat, 2 Dec 2006 03:02:22 -0800 (PST)
> Hans Halbmayr <[EMAIL PROTECTED]> wrote:
>
> > Hi Mike,
> >
> > The gray one is the delegation of the zone. The _msdcs is a subdomain of
> > your forest root. Because it is needed all over the forest it is delegated.
> >
> > Regards
> > Hans
> >
> > ----- Original Message ----
> > From: Michael B Allen <[EMAIL PROTECTED]>
> > To: [email protected]
> > Cc: [EMAIL PROTECTED]
> > Sent: Saturday, December 2, 2006 12:15:29 AM
> > Subject: Re: [ActiveDir] _msdcs not propagated in AXFR
> >
> >
> > I'm not sure I understand. In DNS admin I see two zones. One
> > for _msdcs.example.com with all the usual _msdcs records and
> > one for example.com which incidentally has an NS record for
> > _msdcs.example.com. The little folder thingy for this _msdcs is grey
> > which I guess signifies that it's some kind of link to the other zone?
> >
> > So I understand why the _msdcs records other than the one NS record are
> > not transferring but I don't understand why the structure is split into
> > two zones and if I can/should do something about it.
> >
> > Mike
> >
> > On Fri, 1 Dec 2006 11:27:14 -0800
> > "Akomolafe, Deji" <[EMAIL PROTECTED]> wrote:
> >
> > > Seen this? http://support.microsoft.com/kb/817470
> > >
> > >
> > > Sincerely,
> > > Microsoft MVP - Directory Services
> > > www.akomolafe.com - we know IT
> > > -5.75, -3.23
> > > Do you now realize that Today is the Tomorrow you were worried about
> > > Yesterday? -anon
> > >
> > >
> > >
> > > From: Michael B Allen
> > > Sent: Fri 12/1/2006 9:40 AM
> > > To: [email protected]
> > > Subject: [ActiveDir] _msdcs not propagated in AXFR
> > >
> > >
> > > Does anyone know why the _msdcs records are not returned in an AXFR DNS
> > > query? This means that slave zones will not have those records and that
> > > software querying for a domain controller may not find one.
> > >
> > > Mike
> > >
> > > --
> > > Michael B Allen
> > > PHP Active Directory SSO
> > > http://www.ioplex.com/
> > > List info : http://www.activedir.org/List.aspx
> > > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > > List archive: http://www.mail-archive.com/[email protected]/
> > >
> >
> >
> > --
> > Michael B Allen
> > PHP Active Directory SSO
> > http://www.ioplex.com/
> >
> >
> >
> >
>
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>
>
>
>
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
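
The check described in this thread, as an added example that is not part of the original messages: it reads the AXFR output of the parent zone, finds owner names that carry only a delegation (NS records below the apex, as _msdcs does here), and reports which of them have no zone stanza in named.conf. The sample AXFR output and named.conf text are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `dig -t AXFR example.com @192.168.1.1` output.
SAMPLE_AXFR = """\
; <<>> DiG <<>> -t AXFR example.com @192.168.1.1
example.com.            3600 IN SOA dc1.example.com. hostmaster.example.com. 42 900 600 86400 3600
example.com.            3600 IN NS  dc1.example.com.
_msdcs.example.com.     3600 IN NS  dc1.example.com.
dc1.example.com.        3600 IN A   192.168.1.1
_ldap._tcp.example.com. 600  IN SRV 0 100 389 dc1.example.com.
example.com.            3600 IN SOA dc1.example.com. hostmaster.example.com. 42 900 600 86400 3600
"""
# Constructed named.conf fragment that only slaves the parent zone.
SAMPLE_NAMED_CONF = """\
zone "example.com" IN {
    type slave;
    file "data/slave-example.com";
    masters { 192.168.1.1; };
};
"""

def delegated_child_zones(axfr_text, apex):
    """Owner names below the apex that carry NS records (delegation points)."""
    apex = apex.rstrip(".").lower()
    found = set()
    for line in axfr_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip dig comments and anything that is not a record
        owner, rtype = fields[0].rstrip(".").lower(), fields[3].upper()
        if rtype == "NS" and owner != apex and owner.endswith("." + apex):
            found.add(owner)
    return sorted(found)

def configured_zones(named_conf_text):
    """Zone names declared in a named.conf fragment."""
    names = re.findall(r'^\s*zone\s+"([^"]+)"', named_conf_text, re.M)
    return {n.rstrip(".").lower() for n in names}

def missing_slave_zones(axfr_text, apex, named_conf_text):
    """Delegated child zones the secondary does not yet carry."""
    have = configured_zones(named_conf_text)
    return [z for z in delegated_child_zones(axfr_text, apex) if z not in have]

def slave_stanza(zone, master):
    """named.conf stanza in the same form as the one shown in the thread."""
    return (f'zone "{zone}" IN {{\n    type slave;\n'
            f'    file "data/slave-{zone}";\n    masters {{ {master}; }};\n}};\n')

if __name__ == "__main__":
    for z in missing_slave_zones(SAMPLE_AXFR, "example.com", SAMPLE_NAMED_CONF):
        print(slave_stanza(z, "192.168.1.1"))
```

On the Windows side, setting the Zone Transfers tab to allow transfers only to the secondary's address, rather than to any server, keeps the full record set of the zone from being readable by arbitrary hosts.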