The DC must not only be allow to update his A, (if applicable) and PTR
records, he must also be able to update his SRV and TXT records. Please add the
DC to the ACL for allow-updates on the zone that corresponds to the AD
Domain/Kerberos zone, and then confirm that it is working by restarting
Netlogon service (necessary, because IPCONFIG /registerdns only updates A,
(if applicable) and PTR records, while the former regenerates the SRV records,
et al).
Hope that helps,
-DTK
Sent via BlackBerry from T-Mobile
-Original Message-
From: Melbinger Christian christian.melbin...@wienit.at
Sender: bind-users-bounces+root=nachtmaus...@lists.isc.orgDate: Tue, 3 Jan 2012
13:47:30
To: Carsten Strotmann (private)c...@strotmann.de
Cc: bind-users@lists.isc.orgbind-users@lists.isc.org
Subject: AW: MS AD 2008R2 and bind
Hello
Thanks for your answer, but unfortunately that's not the case.
When I do a nslookup like nslookup internal.wienit.at, I get back the IPs of
the DCs, speaking
Addresses: 10.4.4.4, 10.5.5.5
The error message
The invalid IP addresses are 10.1.1.1; 10.2.2.2.
is pointing towards the dns-servers. (bind and linux, no windows there)
I also had an old dns server running on 10.3.3.3, which was included in the
error message too. I shut it down but the ip only got removed from the error
once I deleted the NS Record. (yeah forgot to do that)
any ideas?
---
Ing. Christian Melbinger
Netzwerk Security
WienIT EDV Dienstleistungsgesellschaft mbH Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188
fax: +43 (1) 90405 88 47188
mailto:christian.melbin...@wienit.at
-Ursprüngliche Nachricht-
Von: Carsten Strotmann (private) [mailto:c...@strotmann.de]
Gesendet: Dienstag, 03. Jänner 2012 13:07
An: Melbinger Christian
Cc: bind-users@lists.isc.org
Betreff: Re: MS AD 2008R2 and bind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Christian,
On 1/3/12 11:00 AM, Melbinger Christian wrote:
So this is presumably not a problem of the bind servers themselves,
but still, does anyone have an idea how to get rid of the error
messages?
Anyone know the checkbox to unset? I didn?t find one?
from the error message you've seeing, the problem is that the domain
controller has already found DNS entries for itself in the DNS, but
the entries are pointing to a different IP Address than the domain
controller has.
The domain controller will not overwrite the existing entries. You
have to remove the wrong, stale entries and after that the domain
controller should be able to register (update) the address records
with the correct IP addresses. You can force this with a reboot or
with ipconfig /registerdns from the commandline.
The old IP addresses might be leftovers from a test, and have not been
properly removed when the IP addresses of the domain controller has
been changed.
Best regards
Carsten Strotmann
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8C72MACgkQsUJ3c+pomYF23wCfUB8ziHkSkF3R1XTtVOUoU4SX
yHAAn2N59KR3k14fbA+WG8AYjOBpjBzl
=uRxM
-END PGP SIGNATURE-
Hi
My company moved to a 2008R2 Domain Controller environment. Now I see the
following message in the windows log:
Title: This domain controller must register its correct IP addresses with the
DNS server
Severity: Error
Category: Configuration
Issue: The Domain Name System (DNS) host resource records for this domain
controller's fully qualified domain name currently map to the IP addresses that
do not belong to this domain controller. The invalid IP addresses are 10.1.1.1;
10.2.2.2.
Impact: Other member computers and domain controllers in the domain or forest
might not be able to locate this domain controller. This domain controller will
not be able to provide a full suite of services.
Resolution: Ensure that the DNS Client service on this domain controller is
configured and able to register valid host resource records with an
authoritative DNS server for the domain.
More information about this best practice and detailed resolution procedures:
http://go.microsoft.com/fwlink/?LinkId=131229
All Domain Controllers have zone updates rights on the master dns server, and
according to the logfile updating zones works.
My DNS-Servers are running BIND 9.7.3-P3.
So this is presumably not a problem of the bind servers themselves, but still,
does anyone have an idea how to get rid of the error messages?
Anyone know the checkbox to unset? I didn't find one.
With regards
Christian Melbinger
---
Ing. Christian Melbinger
Netzwerk Security
WienIT EDV Dienstleistungsgesellschaft mbH Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188
fax: +43 (1) 90405 88 47188
mailto:christian.melbin...@wienit.at
WienIT EDV Dienstleistungsgesellschaft mbH Co KG