DNS server not populating zone file

Discussion in 'DNS Server' started by Elliot, Oct 19, 2009.

  1. Elliot

    Elliot Guest

    Hi All,

    My situation:
    2 x Win Server 2003 Active Directory running DNS for domain: my-domain.local
    1 x Linux Server running DHCP/DNS/BIND for domain: my-domain.co.uk (300+
    hosts/PCs with 'A' records)

    My objective:
    Migrate the linux server to my-domain.local, remove DNS services for
    my-domain.co.uk and configure it as a slave DNS server.

    Right, as far as I know I have configured Linux's DHCP and made the changes
    to DNS (named) to set it as a slave. My problem is understanding how to get
    my primary Active Directory server to populate its zone file with all my

    I'm sure there's something fundamental I'm not doing or comprehending.

    Any advice of where I should be looking would be very appreciated.

    Thanks in advance.

    Elliot, Oct 19, 2009

  2. An easy way to move zone data from one DNS server to another (no matter what
    vendor), you can simply create a reverse zone on the one you want to move
    to, such as the Windows DNS server. In the properties of the secondary zone
    on the Windows server, provide the Linux machine's IP address as the Master.
    Make sure that the Linux zone properties (config file) allows zone
    transfers. Also make sure that UDP and TCP ports 53 are both open between
    them. Then allow the zone to transfer. Once the zone file has populated, you
    can change the Secondary zone type to a Primary. With Windows DNS on a DC,
    you can opt to make the zone type AD Integrated. AD integration means it
    simply stores the zone data in the AD database, and not in a text file under
    system32\dns. With AD integration, all DCs in the domain or forest
    (depending on the zone's replication scope you set it to in the zone
    properties), will automatically without any additional steps on your part,
    replicate to the other DCs in its replication scope. You will see the zone
    auto-appear on its own on the other DC (hit the refresh button). Then you
    can change the zone type on the Linux server to a secondary, but providing
    the Windows DNS as the Master. Make sure you set to allow zone transfers in
    the zone properties on the Windows server.

    I hope that helps.


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
    2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
    Ace Fekay [MCT], Oct 20, 2009
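Ace's procedure depends on the Linux side allowing zone transfers, and the safe form of that is to permit AXFR only to the Windows DNS server's address rather than to any host. The script below is an added example, not code from the thread, from BIND or from Microsoft: it parses two constructed named.conf fragments (one with a wide-open allow-transfer, one restricted) and reports master zones whose transfer policy is wider than, or excludes, the intended secondary. The address 192.0.2.10 is an assumed stand-in for the Windows DC.

```python
"""Check BIND allow-transfer ACLs before enabling zone transfer to a secondary.

Added example (not code from the thread, BIND, or Microsoft): parses small
named.conf fragments and reports master zones whose transfer policy is wider
than, or excludes, the intended secondary. Addresses and zone names are
constructed; 192.0.2.10 is an assumed address for the Windows DC.
"""
import ipaddress
import re

# Weak setting: transfers allowed to any host, globally.
NAMED_CONF_WEAK = """\
options {
    directory "/var/named";
    allow-transfer { any; };
};
zone "my-domain.co.uk" IN {
    type master;
    file "my-domain.co.uk.zone";
};
"""

# Corrected setting: deny globally, permit only the Windows DNS server per zone.
NAMED_CONF_FIXED = """\
options {
    directory "/var/named";
    allow-transfer { none; };
};
zone "my-domain.co.uk" IN {
    type master;
    file "my-domain.co.uk.zone";
    allow-transfer { 192.0.2.10; };
};
"""

# One top-level stanza: 'options { ... };' or 'zone "name" [class] { ... };'.
# A body ends at a '};' that starts a line, so indented inner blocks stay inside.
_STANZA = re.compile(r'^(options|zone\s+"([^"]+)")[^{]*\{(.*?)^\};', re.S | re.M)
_XFER = re.compile(r'allow-transfer\s*\{([^}]*)\}')
_TYPE = re.compile(r'\btype\s+(\w+)\s*;')


def parse_named_conf(text):
    """Return (global_acl, {zone_name: (zone_type, zone_acl)}).
    An ACL is a list of tokens such as ['any'] or ['192.0.2.10'], or None
    when the stanza has no allow-transfer statement."""
    global_acl, zones = None, {}
    for m in _STANZA.finditer(text):
        head, name, body = m.group(1), m.group(2), m.group(3)
        xfer = _XFER.search(body)
        acl = [t.strip() for t in xfer.group(1).split(';') if t.strip()] if xfer else None
        if head.startswith('options'):
            global_acl = acl
        else:
            ztype = _TYPE.search(body)
            zones[name] = (ztype.group(1) if ztype else None, acl)
    return global_acl, zones


def audit_transfers(text, expected_secondaries):
    """Return findings (strings) for every master zone. A zone's own
    allow-transfer overrides the global one; with neither present the
    zone is flagged as relying on the server's built-in default."""
    global_acl, zones = parse_named_conf(text)
    expected = {ipaddress.ip_address(a) for a in expected_secondaries}
    findings = []
    for name, (ztype, acl) in zones.items():
        if ztype not in ('master', 'primary'):
            continue
        effective = acl if acl is not None else global_acl
        if effective is None:
            findings.append(f'{name}: no allow-transfer set, relying on the server default')
            continue
        if 'any' in effective:
            findings.append(f'{name}: zone transfers open to any host')
            continue
        peers, unknown = set(), []
        for tok in effective:
            if tok == 'none':
                continue
            try:
                peers.add(ipaddress.ip_address(tok))
            except ValueError:
                unknown.append(tok)  # named ACL or TSIG key: review by hand
        extra = sorted(str(p) for p in peers - expected) + unknown
        if extra:
            findings.append(f'{name}: unexpected transfer peers {extra}')
        missing = sorted(str(p) for p in expected - peers)
        if missing:
            findings.append(f'{name}: expected secondary not permitted {missing}')
    return findings


if __name__ == '__main__':
    for label, conf in (('weak', NAMED_CONF_WEAK), ('fixed', NAMED_CONF_FIXED)):
        print(label, audit_transfers(conf, ['192.0.2.10']) or ['ok'])
```

The same restriction applies in the other direction once the Windows server becomes the master: on the zone's Zone Transfers tab, allow transfers only to the servers listed (the Linux box) rather than to any server, and keep TCP 53 open between the two hosts since AXFR runs over TCP.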

  3. Elliot

    EJ Guest

    Hi Ace,

    Thank you very much for the reply.

    With many changes to the AD and linux box from various Google results, I
    seem to have got to a point where the AD is slowly building up its
    'my-domain.local' list with all the old 'my-domain.co.uk' hosts (as they
    acquire new DHCP leases). So I'm relatively happy with this, though I would
    really appreciate some further advice on some new queries:

    - Some of the new 'A' records appearing have an accompanying 'Text (TXT)'
    record, with a value such as: 316fecfcd0caa302ba88a009d12a70daff. I am
    confused as to what this is! Is it a bad thing?
    - I changed the 'my-domain.local' zone settings on the AD server to allow
    'Nonsecure and secure' Dynamic updates. This was previously on 'Secure
    Only'. Not sure whether I should really be setting this back to the original
    settings - if so, would the updates from my Linux DHCP server be prevented?

    Thanks in advance to all who spend the time to peruse my post.

    EJ, Oct 20, 2009
  4. Not sure what the txt host records are for? Look at an ip address of one of
    them and track it down, this will probably help you figure out how/why it is
    being created. Yes you will need to allow insecure updates if you want the
    foreign dhcp server to do updates for clients, we use a third party dhcp
    server but we still only allow the clients themselves to do updates so we
    keep it at secure. It also prevents printers from registering their
    annoying names (HP loves to do this) which just pollutes our dns.

    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009


    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.
    Paul Bergson [MVP-DS], Oct 20, 2009
  5. That's a good policy to have the clients register, and not the Linux DHCP
    and keep it to only allow secure updates. In this scenario, do your clients
    update their previously registered IPs with new IPs if they were to get a
    new lease with a new IP?

    Ace Fekay [MCT], Oct 20, 2009

  6. That looks like an IPv6 address. Are the clients Vista with IPv6? If not,
    and I can't fathom why an IPv6 address would register as a TXT record. I
    would check the Linux forums to see if anyone's heard of or seen such a

    In the Linux lease options, I assume you've set Option 015 to

    Any reason to not move to Windows DHCP?

    Ace Fekay [MCT], Oct 20, 2009
  7. Elliot

    EJ Guest

    Hi Ace,

    Thanks for your input.

    I will look into changing our setup to only allow clients to register.

    Admittedly, I'm not sure what you mean by, "do your clients update their
    previously registered IPs with new IPs if they were to get a new lease with
    a new IP?".

    Our clients will dynamically change their IP configuration based on what is
    pushed from the DHCP server whenever the lease expires (or I do ipconfig
    release/renew). Not sure if this is what you are asking?

    Cheers again.

    EJ, Oct 22, 2009
  8. Elliot

    EJ Guest

    Hi Paul,

    I will definitely look into only allowing clients to register - I have
    already begun seeing HP devices flood my zone file :eek:)

    I deleted all the TXT files yesterday just to see what happens, and no
    surprise they have all returned! I'm looking into Ace's IPv6 suggestion at
    the moment.

    Thanks for the replies :)

    EJ, Oct 22, 2009
  9. Hi Elliot,

    I poorly stated that. Sorry. Basically, when a DHCP client gets a new IP, it
    should overwrite the old IP without creating a new record. In a default
    scenario where the DHCP server is registering the A record, it may not own
    the record, therefore it cannot update the current record, so it will create
    a dupe name with a different IP. Not sure if this is also occurring, but you
    can read the following link to see what I mean, to see if it applies if it
    is possibly happening in your case, and how to get around that.

    DHCP, Dynamic DNS Updates , Scavenging, static entries & timestamps, and the
    DnsProxyUpdate Group (How to remove duplicate DNS host records)

    But the txt record issue is curious. What DHCP Scope or Server Options have
    you set?

    Ace Fekay [MCT], Oct 22, 2009
