DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Installation and Upgrading

FreeBSD Installation and Upgrading Installing and upgrading FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th May 2008
cwhitmore cwhitmore is offline
Port Guard
 
Join Date: May 2008
Posts: 27
Thanked 0 Times in 0 Posts
Default BIND as secondary for Windows DNS?

I'd like to setup a DNS server in my remote offices as a slave to my Windows 2003 AD DNS server. I have BIND setup as a slave and on the Windows 2003 name server I have it setup to send zone transfers to my FreeBSD name server. I'm using the FreeBSD name server as the DNS on my Windows Vista PC and I'm able to get to sites on the Internet, ping the local servers (all listed in the domain zone file), but I can't get tracert to find any of the other devices on my network. I also noticed that the SOA serial number is not incrementing on my zone file. How can I force a zone transfer and what log file do I need to monitor to see what's going on?
Go easy on me. I'm new to this OS!
thanks,
Carlton.
Reply With Quote
  #2   (View Single Post)  
Old 14th May 2008
cwhitmore cwhitmore is offline
Port Guard
 
Join Date: May 2008
Posts: 27
Thanked 0 Times in 0 Posts
Default

I found the log. Here is what I'm getting:

May 14 14:57:40 FreeBSD named[610]: transfer of '100.168.192.in-addr.arpa/IN' from 192.168.100.2#53: failed while receiving responses: REFUSED
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: dumping master file: master/tmp-XA067EFjgx: open: permission denied
May 14 15:08:14 FreeBSD named[610]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: permission denied

Any help would be appreciated.
Thanks,
Carlton.
Reply With Quote
  #3   (View Single Post)  
Old 14th May 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,198
Thanked 182 Times in 149 Posts
Default

As far as I can see your Windows primary/master DNS server refuses to do a zone transfer to the FBSD bind box.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 14th May 2008
crayoxide crayoxide is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 46
Thanked 2 Times in 2 Posts
Default

To play the devil's advocate (no pun intended) ...

Excluding the play factor, what is broke/failing in your network that having remote DNS servers will fix?

Do you really have a point-to-point WAN conx for all of the remote offices where everyone is on the same /24? Or, is each office an island unto itself and your "WAN" traverses the Internet via some form of VPN?

Unless you have an extremely small pipes to these offices that are already saturated with traffic, it would seem that you are making more work for yourself than needed.

Personally, I was fairly pissed when my network rights were reduced and they pulled all of the DHCP, DNS and WINS servers from the remote facilities I am responsible for and centralized them at a NOC. Now I just look after one file/print server per facility and with the execption of being forced to call an "enterprise" admin to get something fixed, it is actually not that bad.

Sorry if that sounds harsh, just trying to help you maintain perspective ...


Last edited by crayoxide; 14th May 2008 at 11:13 PM.
Reply With Quote
  #5   (View Single Post)  
Old 15th May 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

Your Windows server is definitely refusing the zone transfers/updates.

Have you specifically configured your Windows server to allow your FBSD server to be a valid secondary server? There's a specific section in the Windows DNS server where you specify secondary servers. Have you added your FBSD server to this list? If your FBSD server has multiple IP addresses assigned to it, be sure the one it's communicating DNS on is the one added to this list.

If you have, also be sure there isn't any firewalling in between the two servers... and if so, be sure that BOTH UDP and TCP on port 53 are allowed in each direction (zone transfers, if I'm not mistaken, run on TCP.)

Lastly, I hope you are intending to add the FBSD server to DNS for just basic DNS services... if you are intending to use the FBSD box to extend your Active Directory services (AD user authentication, for instance), you have a lot more to configure than just BIND as a secondary server to the Windows AD primary. But even if you are, you definitely have to overcome this hurdle first anyway.

Hope this helps,
__________________
Network Firefighter
Reply With Quote
  #6   (View Single Post)  
Old 15th May 2008
cwhitmore cwhitmore is offline
Port Guard
 
Join Date: May 2008
Posts: 27
Thanked 0 Times in 0 Posts
Default

My goal is to setup redundancy in the remote offices. Right now we have VPN connections coming back to our main office here (each office has it's own subnet), from all of the remote offices. The two Windows DNS servers here serve the entire state (about 110 employees). Each office is running DSL which is super slow so I'd like to free up some bandwidth and speed up the remote queries as well. I could care less about resolving PC names, but I would like to get the zone transfers working so I can setup a serve DNS to each remote office locally.

Now back to my problem. I went to advanced settings from Windows DNS and choose "BIND secondaries" which eliminated most of the errors. Our servers do not have a firewall running and I verified that under "Notify..." that I have the IP address of the FBSD server listed as a secondary. What other settings do I need to set? I've rebooted the FBSD server as well. Here is the remaining error message:

May 15 09:26:18 FreeBSD named[610]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: REFUSED
Reply With Quote
  #7   (View Single Post)  
Old 15th May 2008
crayoxide crayoxide is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 46
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by cwhitmore View Post
I went to advanced settings from Windows DNS and choose "BIND secondaries" which eliminated most of the errors.
hrmmm ... something is not adding up here as that does not make sense.

Usually, the "BIND secondaries" option's default mode is selected. It is there only for versions of BIND 4.9.4 and earlier. Windows 2k and 2k3 servers compress the transfer and BIND <= 4.9.4 would choke on it. Not that it matters that much as it just toggles compression, but it should not be a factor that helped eliminate errors for a BSD box with a default install.

Perhaps too much shotgunning of options has taken place and it is time to regroup? Some thoughts to consider to help you baseline:

1. Is the BSD box a default install without any additional makes with strange options set that may have taken place and it is running version 7 of the OS?

2. Is the BSD box in the same room/subnet on the same switch stack as the MS DNS servers?

If you can do a zone transfer whilst in house but then it fails remotely, it is a network topology issue as opposed to a configuration issue.

This next point might be a non-issue ..

3. If the DNS server is config'd to ask a WINS server for names it can not find, it will insert a record in the zone datafile that *is not* a standard record type and BIND will refuse to load the zone.

4. Since you have the option checked that says "Only Servers listed on the Name Servers tab", try switching it to "Only to the following servers" and hard code in an IP address instead of relying on yet another DNS lookup just to get an IP address.

HTH's
Reply With Quote
  #8   (View Single Post)  
Old 16th May 2008
cwhitmore cwhitmore is offline
Port Guard
 
Join Date: May 2008
Posts: 27
Thanked 0 Times in 0 Posts
Default

I didn't realize that named would create the the zone files for me. After I wiped the zone files I created the zones started to populate. Now that it's working, I'm getting the following error. Maybe this is caused by me selecting the "BIND secondaries" option on Windows?

May 16 07:36:39 FreeBSD named[2447]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: not exact
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
The best way to backup windows TerryP Other OS 4 8th February 2009 10:32 PM
Bind-9.5 Petrocelli08 FreeBSD Ports and Packages 6 29th January 2009 12:03 AM
Help secure old BIND on FreeBSD 5.4 andrewk FreeBSD Security 2 22nd July 2008 08:12 PM
Top Ten Worst Uses for Windows TerryP Off-Topic 5 14th July 2008 04:05 PM
squid bind problem samile Other BSD and UNIX/UNIX-like 0 11th July 2008 02:13 PM


All times are GMT. The time now is 12:25 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick