>What A records map to those IP addresses listed (10.1.1.1, 10.2.2.2)?
only their own name, nothing more
>Are there any "same as zone" records that point to your DC IPs? (this is
>common if DNS is AD integrated)
yes
internal.wienit.at is a round robbin to all DC IPs
gc._msdcs.internal.wienit.at is also a round robbin to all DC IPs
I don't know if long time ago it was AD integrated, but in the last few years
it certainly was not.
>Do you see in the Event Viewer on the DC that it is successfully registering
>the A, PTR and SRV records? (not sure what log this is in, been a little
>while since I looked last).
yes that's working too, otherwise there would be a lot more errors
I even see every update in the messages log on the dns-server, all working
>I know you said it was the case, but your BIND config has one of the following
>options set?
> - allow-update { address_match_list }; <-- If the DC is pointing to the
> master BIND server
> - allow-update-forwarding { address_match_list }; <-- if the DC is pointing
> to the slave BIND server
updates are working
>What happens if you issue the ipconfig /registerdns command from the DCs?
I think I did that some time ago... the DC kicked all of its own Records and
then put them back in...
---
Ing. Christian Melbinger
Netzwerk & Security
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188
fax: +43 (1) 90405 88 47188
mailto:christian.melbin...@wienit.at
Von: Will Lists [mailto:listsw...@gmail.com]
Gesendet: Dienstag, 03. Jänner 2012 14:07
An: bind-users@lists.isc.org
Cc: Melbinger Christian
Betreff: Re: MS AD 2008R2 and bind
On Tue, Jan 3, 2012 at 4:00 AM, Melbinger Christian
<christian.melbin...@wienit.at<mailto:christian.melbin...@wienit.at>> wrote:
Hi
My company moved to a 2008R2 Domain Controller environment. Now I see the
following message in the windows log:
Title: This domain controller must register its correct IP addresses with the
DNS server
Severity: Error
Category: Configuration
Issue: The Domain Name System (DNS) host resource records for this domain
controller's fully qualified domain name currently map to the IP addresses that
do not belong to this domain controller. The invalid IP addresses are 10.1.1.1;
10.2.2.2.
Impact: Other member computers and domain controllers in the domain or forest
might not be able to locate this domain controller. This domain controller will
not be able to provide a full suite of services.
Resolution: Ensure that the DNS Client service on this domain controller is
configured and able to register valid host resource records with an
authoritative DNS server for the domain.
More information about this best practice and detailed resolution procedures:
http://go.microsoft.com/fwlink/?LinkId=131229
All Domain Controllers have zone updates rights on the master dns server, and
according to the logfile updating zones works.
My DNS-Servers are running BIND 9.7.3-P3.
So this is presumably not a problem of the bind servers themselves, but still,
does anyone have an idea how to get rid of the error messages?
Anyone know the checkbox to unset? I didn't find one...
With regards
Christian Melbinger
---
Ing. Christian Melbinger
Netzwerk & Security
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188<tel:%2B43%20%281%29%2090405%2047188>
fax: +43 (1) 90405 88 47188<tel:%2B43%20%281%29%2090405%2088%2047188>
mailto:christian.melbin...@wienit.at<mailto:christian.melbin...@wienit.at>
____________________________________________________________________________
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG, A-1030 Wien,
Thomas-Klestil-Platz 6,
FN 255974h, Handelsgericht Wien, DVR: 2109667, UID-Nr. ATU61260824
Persönlich haftender Gesellschafter:
WienIT EDV Dienstleistungsgesellschaft mbH, A-1030 Wien, Thomas-Klestil-Platz 6,
FN 255649f, Handelsgericht Wien, UID-Nr. ATU61296118
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
--
I'm just going to throw out a few ideas, not sure any or all of them will get
you in the right direction...but I had significant issues with DCs and dynamic
updates following a migration from AD integrated DNS to BIND.
What A records map to those IP addresses listed (10.1.1.1, 10.2.2.2)?
Are there any "same as zone" records that point to your DC IPs? (this is
common if DNS is AD integrated)
Do you see in the Event Viewer on the DC that it is successfully registering
the A, PTR and SRV records? (not sure what log this is in, been a little while
since I looked last).
I know you said it was the case, but your BIND config has one of the following
options set?
- allow-update { address_match_list }; <-- If the DC is pointing to the master
BIND server
- allow-update-forwarding { address_match_list }; <-- if the DC is pointing to
the slave BIND server
What happens if you issue the ipconfig /registerdns command from the DCs?
- Will
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
