[ActiveDir] BIND allow-update

2006-10-06 Thread james . masters
Easy question for the group - 

I have a forest root domain: msroot.company
I have a domain: company.com

We use BIND. My question: do I need an allow-update entry for both zones
or just the forest root zone for proper dynamic update operation?

Thanks in advance,
James
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


Re: [ActiveDir] BIND allow-update

2006-10-06 Thread itgeek
allow-update needs to be configured per zone, so if you want dynamic 
updates to occur in both domains you'll need the allow-update entry in the 
zones representing each domain.




RE: [ActiveDir] BIND allow-update

2006-10-06 Thread Ansar Mohammed
I believe that that would be a BIND-specific situation and allow-update or
update-policy can be used, but both directives are per zone. 
If you have two AD Domains that you want to enable dynamic update on, then
yes. 

But using BIND for AD in all honesty is quite painful. But if you must

http://www.linux-mag.com/2001-03/bind_01.html

Then read the unix haters handbook. (Not that I don't like Unix)
http://research.microsoft.com/~daniel/uhh-download.html




RE: [ActiveDir] BIND allow-update

2006-10-06 Thread james . masters
Thanks for the replies - I think I have to revise my question.

Upon DC promotion - does the DC need to dynamically update the forest root
and the domain the DC is in?

(e.g. I'm promoting a DC for company.com, does the DC need to do DDNS to
both company.com AND msroot.company (the forest root domain)?)

Thanks again,
-James



Re: [ActiveDir] BIND allow-update

2006-10-06 Thread itgeek
The DC in the child domain needs to update the DNS zone that represents its
domain. It also needs to update the _msdcs.root domain zone. The
_msdcs.root domain zone contains records for the GCs and the CNAME
records that are used for replication.


Hope that helps.


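An added example, not part of any poster's message: a small audit that reads a named.conf and reports, for each zone a DC in company.com has to register records in, whether dynamic updates are enabled and whether they are open to any host. The configuration text is constructed; the separate `_msdcs.msroot.company` zone, the `dcs` ACL, the 192.0.2.x addresses and the file names are assumptions, and the parser does not handle comments or `include` files.

```python
import re

# Constructed named.conf for the thread's forest (not from the original posts).
# Assumed: _msdcs.msroot.company is its own zone; 192.0.2.x are placeholder DCs.
NAMED_CONF = '''
acl "dcs" { 192.0.2.10; 192.0.2.11; };
zone "company.com" {
    type master; file "db.company.com";
    allow-update { dcs; };
};
zone "msroot.company" {
    type master; file "db.msroot.company";
};
zone "_msdcs.msroot.company" {
    type master; file "db._msdcs.msroot.company";
    allow-update { any; };
};
'''

DIRECTIVES = ("allow-update", "update-policy")  # both are set per zone

def zone_blocks(conf):
    """Yield (zone_name, body) by matching braces after each zone header."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower(), conf[m.end():i - 1]

def audit(conf, required_zones):
    """Map each zone a DC must register in to its dynamic-update status."""
    zones = dict(zone_blocks(conf))
    report = {}
    for name in required_zones:
        body = zones.get(name.lower())
        if body is None:
            report[name] = "zone not defined"
            continue
        found = [d for d in DIRECTIVES if re.search(d + r"\s*\{", body)]
        if not found:
            report[name] = "no dynamic updates (create records manually)"
        elif re.search(r"allow-update\s*\{[^}]*\bany\b", body):
            report[name] = "updates open to any host"
        else:
            report[name] = "updates restricted via " + found[0]
    return report

if __name__ == "__main__":
    print(audit(NAMED_CONF, ["company.com", "_msdcs.msroot.company"]))
```

In the constructed file, company.com accepts updates only from the `dcs` ACL, while the `_msdcs` zone is flagged because `any` lets every host that can reach the server rewrite the locator records.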

RE: [ActiveDir] BIND allow-update

2006-10-06 Thread Laura A. Robinson
You either need to allow the dynamic updates or create the DC's records
manually. Do the records need to be created in the zones for the server to
be reachable? Yes. Do you have to allow dynamic updates in order to create
them? No. One way or another, however, you need to get the records created,
and dynamic updates are easier than typing GUIDs. :-)

As far as what the records that need to be created *are*, and for
information on how to create them manually:

http://technet2.microsoft.com/WindowsServer/en/library/b6879c0b-cff7-438d-a7f3-0715456dcefb1033.mspx?mfr=true
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx

Laura



RE: [ActiveDir] BIND allow-update

2006-10-06 Thread james . masters
Very much - thanks everyone.

James Masters
Systems Architecture and Engineering
The Kroger Co.
(859) 363-2346 - Desk
(859) 653-8644 - Cell 




Re: [ActiveDir] BIND allow-update

2006-10-06 Thread Matheesha Weerasinghe
http://research.microsoft.com/programs/up_content/bind.doc might be of use.