BIND as secondary for Windows DNS?
I'd like to set up a DNS server in my remote offices as a slave to my Windows 2003 AD DNS server. I have BIND set up as a slave, and on the Windows 2003 name server I have it set up to send zone transfers to my FreeBSD name server. I'm using the FreeBSD name server as the DNS on my Windows Vista PC and I'm able to get to sites on the Internet and ping the local servers (all listed in the domain zone file), but I can't get tracert to find any of the other devices on my network. I also noticed that the SOA serial number is not incrementing on my zone file. How can I force a zone transfer and what log file do I need to monitor to see what's going on?
Go easy on me. I'm new to this OS! Thanks, Carlton.
|
|||
I found the log. Here is what I'm getting:
May 14 14:57:40 FreeBSD named[610]: transfer of '100.168.192.in-addr.arpa/IN' from 192.168.100.2#53: failed while receiving responses: REFUSED
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: dumping master file: master/tmp-XA067EFjgx: open: permission denied
May 14 15:08:14 FreeBSD named[610]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: permission denied
Any help would be appreciated. Thanks, Carlton.
|
|||
As far as I can see your Windows primary/master DNS server refuses to do a zone transfer to the FBSD bind box.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
To play the devil's advocate (no pun intended) ...
Excluding the play factor, what is broke/failing in your network that having remote DNS servers will fix? Do you really have a point-to-point WAN conx for all of the remote offices where everyone is on the same /24? Or, is each office an island unto itself and your "WAN" traverses the Internet via some form of VPN? Unless you have extremely small pipes to these offices that are already saturated with traffic, it would seem that you are making more work for yourself than needed.
Personally, I was fairly pissed when my network rights were reduced and they pulled all of the DHCP, DNS and WINS servers from the remote facilities I am responsible for and centralized them at a NOC. Now I just look after one file/print server per facility and, with the exception of being forced to call an "enterprise" admin to get something fixed, it is actually not that bad.
Sorry if that sounds harsh, just trying to help you maintain perspective ...
Last edited by crayoxide; 14th May 2008 at 11:13 PM.
|
|||
My goal is to set up redundancy in the remote offices. Right now we have VPN connections coming back to our main office here (each office has its own subnet) from all of the remote offices. The two Windows DNS servers here serve the entire state (about 110 employees). Each office is running DSL, which is super slow, so I'd like to free up some bandwidth and speed up the remote queries as well. I could care less about resolving PC names, but I would like to get the zone transfers working so I can set up a DNS server at each remote office locally.
Now back to my problem. I went to advanced settings from Windows DNS and chose "BIND secondaries", which eliminated most of the errors. Our servers do not have a firewall running and I verified that under "Notify..." I have the IP address of the FBSD server listed as a secondary. What other settings do I need to set? I've rebooted the FBSD server as well. Here is the remaining error message:
May 15 09:26:18 FreeBSD named[610]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: REFUSED
|
|||
Usually, the "BIND secondaries" option's default mode is selected. It is there only for versions of BIND 4.9.4 and earlier. Windows 2k and 2k3 servers compress the transfer and BIND <= 4.9.4 would choke on it. Not that it matters that much as it just toggles compression, but it should not be a factor that helped eliminate errors for a BSD box with a default install. Perhaps too much shotgunning of options has taken place and it is time to regroup?
Some thoughts to consider to help you baseline:
1. Is the BSD box a default install without any additional makes with strange options set that may have taken place and it is running version 7 of the OS?
2. Is the BSD box in the same room/subnet on the same switch stack as the MS DNS servers? If you can do a zone transfer whilst in house but then it fails remotely, it is a network topology issue as opposed to a configuration issue.
This next point might be a non-issue ..
3. If the DNS server is config'd to ask a WINS server for names it can not find, it will insert a record in the zone datafile that *is not* a standard record type and BIND will refuse to load the zone.
4. Since you have the option checked that says "Only Servers listed on the Name Servers tab", try switching it to "Only to the following servers" and hard code in an IP address instead of relying on yet another DNS lookup just to get an IP address.
HTH's
|
|||
I didn't realize that named would create the zone files for me. After I wiped the zone files I created, the zones started to populate. Now that it's working, I'm getting the following error. Maybe this is caused by me selecting the "BIND secondaries" option on Windows?
May 16 07:36:39 FreeBSD named[2447]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: not exact
|
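The named messages posted in this thread, grouped by cause, as an added example that is not part of any post. The script and its hint texts are assumptions of this example; in particular the `rndc retransfer` / `request-ixfr no` remedy for "not exact" is general BIND 9 practice, not something the thread confirms.

```shell
#!/bin/sh
# Added example (not from the thread): group named transfer failures by cause.
# Reads syslog lines on stdin; prints "count|zone|master|reason|hint" in
# first-seen order. The hint texts are assumptions of this example.
triage_named_xfer() {
    awk -v q="'" '
    function note(z, m, r, h,    k) {
        k = z "|" m "|" r "|" h
        if (!(k in n)) order[++cnt] = k
        n[k]++
    }
    / transfer of .*failed while receiving responses: / {
        split($0, p, q)   # p[2] is "zone/IN", p[3] is " from IP#53: ..."
        zone = p[2];   sub(/\/IN$/, "", zone)
        master = p[3]; sub(/^ from /, "", master); sub(/#.*/, "", master)
        reason = $0;   sub(/.*receiving responses: /, "", reason)
        sub(/[ \t\r]+$/, "", reason)
        if (reason == "REFUSED")
            hint = "master denied the transfer: allow this secondary by IP on the master"
        else if (reason == "permission denied")
            hint = "named cannot write the zone file: use a directory its user owns"
        else if (reason == "not exact")
            hint = "IXFR diff mismatch: rndc retransfer ZONE, or request-ixfr no"
        else
            hint = "unclassified"
        note(zone, master, reason, hint)
    }
    /bad owner name \(check-names\)/ {
        zone = $0; sub(/.* zone /, "", zone); sub(/\/IN: .*/, "", zone)
        note(zone, "-", "check-names", "underscore name flagged: fatal only if check-names is fail")
    }
    END { for (i = 1; i <= cnt; i++) print n[order[i]] "|" order[i] }
    '
}

# Log lines quoted from the posts above.
sample_log() {
    cat <<'EOF'
May 14 14:57:40 FreeBSD named[610]: transfer of '100.168.192.in-addr.arpa/IN' from 192.168.100.2#53: failed while receiving responses: REFUSED
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: zone advocacyinc.org/IN: gc._msdcs.advocacyinc.org/A: bad owner name (check-names)
May 14 15:08:14 FreeBSD named[610]: dumping master file: master/tmp-XA067EFjgx: open: permission denied
May 14 15:08:14 FreeBSD named[610]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: permission denied
May 16 07:36:39 FreeBSD named[2447]: transfer of 'advocacyinc.org/IN' from 192.168.100.2#53: failed while receiving responses: not exact
EOF
}

sample_log | triage_named_xfer
```

On FreeBSD's stock named layout the directory writable by the named user is `slave/` rather than `master/`; that is an assumption about this install, which the thread does not confirm.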