Re: MS AD 2008R2 and bind
There is a bug in Windows 2008 R2 which prevents correct registration to BIND DNS servers. See http://support.microsoft.com/kb/2002490 for the hotfix to apply. Unfortunately, this hotfix still does not correct the behavior. Windows 2008 R2 registers the record first. This record is registered correctly on BIND, but the response from BIND is interpreted by Windows incorrectly, so it stops registering the following records, like the A record. However, the DCs with this patch successfully register all records related to the AD. This is a strange behavior.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind as a service on windows -c option not working
BIND 9.8.1-P1 installed in D:\bind9. Config files, zone files and log files in D:\bind_config.

Service configuration, path to executable:
D:\bind9\bin\named.exe -c D:\bind_config\etc\named.conf

named.conf has the line:
directory D:\named.conf;

If the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ISC\BIND\InstallDir is present, then at startup named.conf is looked for under the etc folder of the InstallDir folder. If I delete this key, named.conf is looked for in the system32/etc folder, or something under the system32 folder. In both cases the -c option is not taken by the service. When starting BIND from the command line, the -c option is taken into account and named.conf is read from the specified path. How do I tell named running as a service to read the config file from the path specified with the -c option? Someone please.
BIND for Active directory with secure update
Hello. I've set up BIND to serve the requests of the LAN instead of Microsoft DNS, by first setting BIND up as a secondary DNS server for Microsoft DNS, copying the zones, and then making BIND the master. In order for domain member hosts to update the records for their names in DNS, I allow unsecure updates from the LAN computers. This is a security threat of poisoning the DNS. I would like to set up secure updates by the domain servers. On the internet I read about using allow-update with a key file. But I didn't find a page on how to get the key from the Active Directory Kerberos system. Could anyone point me to setting up secure updates to BIND with a key from the already deployed Active Directory? BIND is running under Windows. Please, someone help me.
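As an added example (not from this post, the thread, or ISC), here is the unauthenticated update setting the post describes placed beside an update-policy that requires AD Kerberos credentials (GSS-TSIG). The zone example.com, realm EXAMPLE.COM, LAN 192.168.0.0/24, DC account name DC1$ and keytab path are assumptions; it presumes a BIND build with GSS-API support and a keytab for the DNS service principal exported from AD with ktpass.

```conf
// Assumed names: zone example.com, Kerberos realm EXAMPLE.COM (the AD
// domain in upper case), LAN 192.168.0.0/24, domain controller account DC1$.
// Added example configuration, not ISC's and not the poster's.

options {
    // Keytab holding DNS/ns1.example.com@EXAMPLE.COM, created on a DC with
    // ktpass for a dedicated service account (path and name assumed).
    tkey-gssapi-keytab "/etc/named/dns.keytab";
};

// BEFORE (what the post describes): any host on the LAN may overwrite any
// record in the zone, which is exactly the poisoning risk mentioned.
// zone "example.com" IN {
//     type master;
//     file "example.com.db";
//     allow-update { 192.168.0.0/24; };
// };

// AFTER: every UPDATE must carry a GSS-TSIG signature negotiated with the
// client's AD Kerberos ticket. allow-update and update-policy are mutually
// exclusive, so the zone uses only update-policy.
zone "example.com" IN {
    type master;
    file "example.com.db";
    update-policy {
        // A member authenticating as MACHINE$@EXAMPLE.COM may change only
        // the A/AAAA records of machine.example.com, its own name.
        grant EXAMPLE.COM ms-self . A AAAA;
        // The domain controller (and only it) may register the SRV/CNAME
        // records it needs anywhere in the zone, plus the apex A record.
        grant DC1$@EXAMPLE.COM wildcard * A AAAA SRV CNAME;
        grant DC1$@EXAMPLE.COM name example.com. A;
    };
};
```

Two design points worth checking after deploying something like this: unsigned updates are now answered REFUSED, which the "update-security" logging category will show per source address, and each additional DC needs its own grant line rather than a realm-wide ms-subdomain rule, so that a workstation account can never write service records.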
Re: bind as a service on windows -c option not working
On 09.12.2011 22:54, wbr...@e1b.org wrote:
>> This is not the answer I am looking for. If the parameter exists, it must work.
> Have you tried issuing the command from a command prompt?

Yes, as I wrote, from the command line the -c option is taken into account and BIND loads the indicated file.
Re: bind as a service on windows -c option not working
On 09.12.2011 21:32, wbr...@e1b.org wrote:
>> How do I tell named running as a service to read the config file from the path specified with the -c option?
> Try changing path to executable by moving quote:
> D:\bind9\bin\named.exe -c D:\bind_config\etc\named.conf

No luck. The following information is part of the event:
none:0: open: C:\WINDOWS\system32\etc\named.conf: file not found
Re: bind as a service on windows -c option not working
On 09.12.2011 22:15, wbr...@e1b.org wrote:
>> No luck. The following information is part of the event:
>> none:0: open: C:\WINDOWS\system32\etc\named.conf: file not found
> So why not put the configuration file there? Then use the directory option to direct BIND to look for all the zone files on the D: drive.
>
> options {
>     directory "D:\bind_config";
>     // other options as required
> };

This is not the answer I am looking for. If the parameter exists, it must work.
Re: forward question
I had the same question a while ago. Using BIND with forward only to an AD DNS will lead to errors for the infrastructure, because BIND's caching cannot be disabled for this forwarded zone. Also, BIND does not redirect all update queries to the AD DNS, while in an AD environment updates are made very often. So it is better to use this BIND as a secondary zone, not as a forward zone.
Re: forward question
On 01.09.2011 19:01, CT wrote:
> So did you end up setting up a slave zone (for the internal AD DNS) on your public DNS server?

No, for now I just kept the AD DNS (Microsoft DNS) instead of BIND. I didn't have time to move all DNS servers to BIND and make them primary/slave for the local zone.
Re: Forward only zones.
On 25.07.2011 10:15, Matus UHLAR - fantomas wrote:
>>> This is how BIND is supposed to work. If you _need_ such a setup, why don't you set up your AD servers as recursive, and point clients directly to them? You can theoretically configure a maximum cache time in BIND, but that would be a useless server.
>> I can configure AD servers to Microsoft DNS. But how about workstations? They are all configured to use BIND DNS. If I change them to Microsoft DNS, then there is no use of BIND DNS.
> There's already no use for BIND if you really want what you described. So better uninstall BIND and configure stations to use Microsoft's DNS. Not that I prefer or advise using Microsoft's DNS, it sucks pretty much. But as you described it, there's no point in using BIND for you.

I have this point. I want to use BIND because the server on which BIND resides is also a gateway to the internet, and every client is configured to use it. And I am preparing to switch this server to a *nix system, and I am moving every necessary service from Windows-integrated to open-source multi-platform software. I just can't for now move Active Directory's DNS database to BIND.
Re: Forward only zones.
On 26.07.2011 00:48, Kevin Darcy wrote:
> Correct. That's the distinction which is typically made between a DNS *forwarder* (which caches) and a DNS *proxy* (which doesn't). As far as I know, BIND cannot be configured to be a DNS proxy.

But I don't want BIND as a proxy. )

>> Answers from its cache, that may be out of date.
> This is tunable via the TTL values on the relevant RRsets. Consult the manual of your authoritative DNS server software for details.

TTL or expire must be lowered at Microsoft DNS?

>> Also, records are not always updated when adding or removing computers from the domain.
> Either a) you're just restating the previous problem (answers might be from cached data) or b) this is a data-consistency or lag problem between various components in Microsoft-land -- BIND cannot fix that.

Answers are from cache.

On 26.07.2011 10:22, harish badrinath wrote:
> On Mon, Jul 25, 2011 at 7:53 PM, Vbvbrjvbv...@gmail.com wrote:
>> I just can't for now move Active Directory's DNS database to BIND.
> You could use something much simpler like dnsmasq (http://thekelleys.org.uk/dnsmasq/doc.html). Setting it up as a DNS forwarder is a breeze, while you migrate DNS data away from Microsoft DNS to BIND??

Interesting solution, but this software is not for Windows. For now I am replacing the software for the needed services from Microsoft with open source on the same Microsoft server. When I have moved every service (Samba, AD, file server with extended security), I'll move to a *nix system.

On 26.07.2011 10:57, Peter Andreev wrote:
> Maybe you should look at the problem from another point and configure Microsoft's DNS server to forward queries to BIND? Of course you will need to reconfigure clients to use Microsoft's DNS only, but in this case Microsoft's DNS will serve queries to your domain and BIND will serve queries to other domains. I think it will be a better solution.

For now I just use Microsoft DNS on the same server, until I find a way for my BIND problem, or learn to use AD with BIND.
Re: Forward only zones.
On 24.07.2011 18:40, Matus UHLAR - fantomas wrote:
> On 24.07.11 09:15, Vbvbrj wrote:
>>     forwarders { a.b.c.d; }; // Forward to provider's DNS.
>> };
>> zone my_domain.com IN {
> I would prefer not to use underscores in domain names. While they are allowed, they may cause some stuff not to work. Why do you have an underscore here?

It's an example name. I don't use underscores. )

> This is how BIND is supposed to work. If you _need_ such a setup, why don't you set up your AD servers as recursive, and point clients directly to them? You can theoretically configure a maximum cache time in BIND, but that would be a useless server.

I can configure AD servers to Microsoft DNS. But how about workstations? They are all configured to use BIND DNS. If I change them to Microsoft DNS, then there is no use of BIND DNS.
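The two zone declarations this thread contrasts, as an added example that is not part of the thread and not ISC's configuration: the forward-only zone that caches answers and cannot relay dynamic updates, and the secondary (slave) zone that the later reply in this thread recommends instead. The zone name, DC addresses, LAN prefix and file path are assumptions; the secondary form also needs zone transfers to the BIND host enabled on the Microsoft DNS side.

```conf
// Assumed: AD zone example.com, DCs at 192.168.0.10 and 192.168.0.11,
// LAN 192.168.0.0/24. Only one of the two declarations may exist per view;
// both are shown here for comparison.

// Option A (the setup the thread started with): forward-only zone.
// BIND caches the DCs' answers for their TTL, so changes on the DC are not
// seen until the cached RRset expires, and UPDATE messages sent to BIND
// are refused because BIND is not authoritative for the zone.
zone "example.com" IN {
    type forward;
    forward only;
    forwarders { 192.168.0.10; 192.168.0.11; };
};

// Option B (recommended in the thread): BIND is a secondary for the AD zone.
// It serves an authoritative copy kept current by AXFR/IXFR and NOTIFY, and
// UPDATE messages from the LAN are relayed to the DCs, which apply their own
// secure-update checks before the change replicates back.
zone "example.com" IN {
    type slave;
    masters { 192.168.0.10; 192.168.0.11; };
    file "slaves/example.com.db";
    // Relay RFC 2136 UPDATE messages from local clients to the masters.
    allow-update-forwarding { 192.168.0.0/24; };
    // Accept NOTIFY only from the DCs so changes propagate promptly.
    allow-notify { 192.168.0.10; 192.168.0.11; };
    // Do not hand the full zone (every host name in the domain) to anyone
    // who asks for it.
    allow-transfer { none; };
};
```

Windows clients normally look up the zone's SOA and send their dynamic updates straight to the primary named there, so with the secondary form the update-forwarding line is a fallback for clients that only ever talk to the server they are configured with; the important difference from the forward zone is that BIND now holds and serves the zone data itself.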
Re: Bind time up.
Everyone who advised this, thank you. interface-interval 0; works like I need. Also I could set the interval to 24h, because the switch is not disconnected for longer than a day.
Bind time up.
Hello. I have a server at home that runs BIND 9 DNS and routes internal traffic to the internet. It's working fine. When I'm out of home, I disconnect my home switch. In the BIND log appears: no longer listening on 192.168.0.1#53. After returning home and connecting the switch, BIND does not respond to the internal LAN for a long time, until BIND starts listening. Or I have to reload the BIND service or reload configs with rndc. How to tell BIND not to stop listening on adapters whose cable is disconnected? Thank you
Re: Bind time up.
On 23.07.2011 17:24, Lyle Giese wrote:
> On 07/23/11 03:22, Vbvbrj wrote:
>> Hello. I have a server at home that runs BIND 9 DNS and routes internal traffic to the internet. It's working fine. When I'm out of home, I disconnect my home switch. In the BIND log appears: no longer listening on 192.168.0.1#53. After returning home and connecting the switch, BIND does not respond to the internal LAN for a long time, until BIND starts listening. Or I have to reload the BIND service or reload configs with rndc. How to tell BIND not to stop listening on adapters whose cable is disconnected? Thank you
> Why are you doing this? That is disruptive to the NIC inside the OS and that gets passed on to BIND. If you are just doing this for security reasons, disconnecting the cable to your Internet connection might accomplish the same thing and not be as disruptive.
> Lyle

I'm disconnecting all in-house electrical devices except for my server and some devices. I'm doing this for electrical economy. So, since the home switch is not used while I'm out, I disconnect it too.
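The options block that resolves the "no longer listening" behaviour this thread ends with, as an added example that is not from the thread or from ISC, shown together with the listener and recursion restrictions a practitioner would want on a host that is also the internet gateway. The address 192.168.0.1 is the one from the post; the directory path and the LAN prefix 192.168.0.0/24 are assumptions.

```conf
options {
    directory "/var/named";   // assumed; on Windows a path such as D:\bind_config

    // Bind only the loopback and the LAN address, never the WAN interface,
    // so the gateway's resolver is not reachable from the internet.
    listen-on port 53 { 127.0.0.1; 192.168.0.1; };
    listen-on-v6 { none; };

    // named rescans interfaces every 60 minutes by default and closes the
    // sockets of addresses that have vanished, which is the
    // "no longer listening on 192.168.0.1#53" entry seen when the switch is
    // off. 0 disables the periodic rescan; interfaces are then scanned only
    // at startup and on rndc reload/reconfig. The thread's author reports
    // this setting fixed the problem.
    interface-interval 0;

    // A gateway that recurses for the LAN must not be an open resolver:
    // restrict queries, recursion and cache access to local clients.
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    allow-query-cache { 127.0.0.1; 192.168.0.0/24; };
};
```

With the rescan disabled, an address that the OS genuinely removes and re-adds is picked up again only by `rndc reconfig` or a restart, so the alternative the thread mentions (an interval of 24h, longer than the switch is ever off) keeps automatic rescans while avoiding the drop during a short outage.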