cannot synchronize BIND9 with WIN2000 DNS AD

SOLVED
'chris'
Super Advisor


hi

I cannot synchronize BIND9 with WIN2000 DNS from Active Directory.
I've created on linux a slave Zone for domain.net, but get following error message:

Nov 7 13:29:38 ns1 named[1055]: transfer of 'domain.net/IN' from 192.168.1.10#53: failed while receiving responses: REFUSED
Nov 7 13:29:38 ns1 named[1055]: transfer of 'domain.net/IN' from 192.168.1.10#53: end of transfer

I have BIND version 9.2.4

Does someone know why WIN2000 DNS refuses the zone transfer?

kind regards
chris
16 REPLIES
Alexander Chuzhoy
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

Go to your windows server.
click on start,then choose run
type dnsmgmt.msc
expand the relevant zone.
Right click on it and choose properties.
Then go to "zone transfers" tab
and check "Allow zone transfers"; either leave "To any server" selected, or specify the IP addresses of the servers that are allowed to receive the zone transfer.
Ivan Ferreira
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

In the Windows DNS console you must enable:

"bind secondaries"
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

thanks,

but I cannot find the "bind secondaries" option in
the Windows DNS console.

Ivan Ferreira
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

It's in the advanced tab:

See:

http://informit.staging.informit.mttech.com/content/images/chap3_0789730146/elementLinks/03fig09.jpg

'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

"allow zone transfer" is to any server

"bind secondaries" is enabled,

but still doesn't work and I get the same error messages.
Alexander Chuzhoy
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

Check if you can reach the DNS server on port 53:
telnet dnserver 53


'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

telnet dnserver 53 is working
Alexander Chuzhoy
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

See if the user (the one named runs as) is allowed to create files in the directory specified in the named.conf file.


Besides, what version of Linux is it?
If it's Red Hat 4 or Fedora 3 or higher, then the files should be created in /var/named/chroot/var/named
by default and not in /var/named.
'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

local dns server SLAVE: debian sarge with BIND version 9.2.4

remote dns server MASTER: WIN2000 Active Directory

Should I create a Windows user on Linux?
Ivan Ferreira
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

Please check the logs on the DNS console to see if there is any clue. Post any relevant messages.
'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

The logs on Linux:

Nov 7 19:29:39 ns1 named[1055]: transfer of 'domain.net/IN' from 192.168.1.10#53: failed while receiving responses: REFUSED
Nov 7 19:29:39 ns1 named[1055]: transfer of 'domain.net/IN' from 192.168.1.10#53: end of transfer

I don't have any other logs.
Steven E. Protter
Exalted Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

Windows isn't playing nicely with Linux. You need to get it to allow the zone transfer. You might do better posting this to windows, since that is where the work needs to be done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ivan Ferreira
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

I mean the "Windows" DNS console logs.
'chris'
Super Advisor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

But how do I check the WIN2000 console logs?
Sorry about that, but I'm not a WIN2000 specialist.
Ivan Ferreira
Honored Contributor
Solution

Re: cannot synchronize BIND9 with WIN2000 DNS AD

You are not a windows expert, good for you!!! ;)

To access DNS logs, use start, programs, administrative tools, DNS.


Click the DNS server, event viewer, DNS events.
Thomas Bianco
Honored Contributor

Re: cannot synchronize BIND9 with WIN2000 DNS AD

It sounds like you don't have the secondary listed as an NS in the domain on the Windows 2000 side. Make sure it's listed, then check the server properties in the DNS console and enable transfers to all listed name servers.

Of the references above:
"bind secondaries" is required for BIND 4.x; BIND 9 supports the transfer method, but it's probably a good idea to turn it on anyway: http://www.microsoft.com/technet/community/columns/profwin/pw0101.mspx

Allowing transfers to all servers will probably fix your issue, but it leaves an open door.

Lastly, if this is an Active Directory integrated domain, you cannot have a BIND secondary.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
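The checks suggested across this thread (TCP/53 reachability, whether the slave is listed as an NS in the zone, and whether the master actually permits AXFR) can be run from the slave with dig before touching BIND. The script below is an added example and is not from any poster; it assumes dig is installed on the slave, takes the master address 192.168.1.10 and the zone placeholder domain.net from the posts, and assumes the slave's name is ns1.domain.net (an assumption, set SLAVE_NAME to match your NS record). The sample dig outputs embedded in it are constructed so the classifier can be exercised offline; pass --live to query the real master.

```shell
#!/bin/sh
# Added example, not from the thread. Diagnose "transfer ... REFUSED" on a
# BIND slave by asking the Windows master the three questions that matter.
# Assumed values (override via environment): master 192.168.1.10, zone
# domain.net (placeholders from the thread), slave name ns1.domain.net (assumption).

MASTER=${MASTER:-192.168.1.10}
ZONE=${ZONE:-domain.net}
SLAVE_NAME=${SLAVE_NAME:-ns1.domain.net.}

# classify_axfr: read 'dig @master zone AXFR' output on stdin and print
#   ok          - a full zone arrived (dig prints ";; XFR size: N records")
#   failed      - the master answered with an error rcode; dig only prints
#                 "; Transfer failed.", the rcode itself (REFUSED in this
#                 thread) is what named logs on the slave
#   unreachable - no TCP/53 answer at all (firewall or wrong address)
#   unknown     - anything else, look at the raw output
classify_axfr() {
    out=$(cat)
    case "$out" in
        *"XFR size:"*)                 echo ok ;;
        *"Transfer failed"*)           echo failed ;;
        *"no servers could be reached"*) echo unreachable ;;
        *)                             echo unknown ;;
    esac
}

# ns_listed NAME: succeed if NAME (with trailing dot) is one of the NS names
# read on stdin, one per line as 'dig +short' prints them. Case-insensitive,
# since Windows DNS may return mixed-case names. A master that only allows
# transfers "to servers listed on the Name Servers tab" refuses anyone else.
ns_listed() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' | grep -qx "$want"
}

# run_checks: the live version; uses TCP for the SOA query so a TCP/53-only
# block shows up here rather than as a confusing AXFR failure.
run_checks() {
    printf 'SOA over TCP from %s: ' "$MASTER"
    if dig @"$MASTER" "$ZONE" SOA +tcp +noall +comments | grep -q 'status: NOERROR'; then
        echo ok
    else
        echo failed
    fi
    printf '%s listed as NS for %s on the master: ' "$SLAVE_NAME" "$ZONE"
    if dig @"$MASTER" "$ZONE" NS +short | ns_listed "$SLAVE_NAME"; then
        echo yes
    else
        echo no
    fi
    printf 'AXFR of %s: ' "$ZONE"
    dig @"$MASTER" "$ZONE" AXFR | classify_axfr
}

# Constructed sample outputs (not captured from a real server) so the
# classifier can be demonstrated without network access.
SAMPLE_REFUSED='; <<>> DiG 9.2.4 <<>> @192.168.1.10 domain.net AXFR
; (1 server found)
;; global options:  printcmd
; Transfer failed.'
SAMPLE_OK=';; XFR size: 12 records (messages 1, bytes 300)'

if [ "${1:-}" = "--live" ]; then
    run_checks
else
    printf 'constructed refused sample -> %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr)"
    printf 'constructed ok sample      -> %s\n' "$(printf '%s\n' "$SAMPLE_OK" | classify_axfr)"
fi
```

If the SOA query succeeds but AXFR reports failed and named logs REFUSED, the decision is being made on the Windows side (zone transfer settings or the NS list), and no change to named.conf on the slave will help; restricting transfers to the slave's address rather than "To any server" closes the door the last reply mentions while still fixing the error.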