M
Microsoft News
We've implemented an integrated BIND/Windows 2000 (SP4) DNS infrastructure
as detailed in article Q255913. I don't really like this configuration, MCS
recommended it, because of a few quirks but it functions fine. No errors in
the DNS and Directory event logs result due to this configuration (We do get
the A record registration error though, but the record is already in the
root BIND system). All Windows 2000 DNS servers are set up to forwad unknown
requests to the root BIND servers. A couple of questions came up a few days
ago, when the BIND admin snooped DNS communication between the BIND server
and the 2K DNS server. This is the resulting BIND log file:
Using device /dev/hme (promiscuous mode)
2K DNS Server -> Bind Server DNS C ldap._tcp.dc._msdcs.Server1.msft.com.
Internet Unknown (33) ?
Bind Server -> 2K DNS Server DNS R Error: 3(Name Error)
Bind Server -> 2K DNS Server DNS C _udp.msft.com. Internet SOA ?
2K DNS Server -> Bind Server DNS R _udp.msft.com. Internet SOA
Bind Server -> 2K DNS Server DNS C _tcp.msft.com. Internet SOA ?
2K DNS Server -> Bind Server DNS R _tcp.msft.com. Internet SOA
Two questions came up:
1. Why is the 2000 DNS server hunting for an LDAP SRV record in a domain
name space that appears to be named "Server3.msft.com"?
2. Why does the 2000 DNS server go to the BIND server to attempt to resolve
the SRV records that it owns.
I've turned up logging on the 2000 DNS servers and the following is what I
believe corresponds to the above BIND logs (All IP and internal naming
information has been changed):
Snd BIND Server 07a4 Q [0001 D NOERROR]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP question info at 004CD12C
Socket = 400
Remote addr BIND Server, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0038 (56)
Message:
XID 0x07a4
Flags 0x0100
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
Rcv BIND Server 07a4 R Q [8385 A DR NXDOMAIN]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP response info at 004CDE2C
Socket = 400
Remote addr BIND Server, port 53
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0073 (115)
Message:
XID 0x07a4
Flags 0x8583
QR 1 (response)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x1
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
Offset = 0x0038, RR count = 0
Name "[C029](5)msft(3)com(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (8)BIND Server[C029](5)msft(3)com(0)
Administrator:
(8)dnsadmin(4)mail[C029](5)msft(3)com(0)
SerialNo = 3201893
Refresh = 3600
Retry = 1800
Expire = 3600000
MinimumTTL = 3600
ADDITIONAL SECTION:
Snd Windows 2000 DNS Server 96fc R Q [8385 A DR NXDOMAIN]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP response info at 004CDE2C
Socket = 384
Remote addr Windows 2000 DNS Server, port 3433
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0073 (115)
Message:
XID 0x96fc
Flags 0x8583
QR 1 (response)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x1
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
Offset = 0x0038, RR count = 0
Name "[C029](5)msft(3)com(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (8)BIND Server[C029](5)msft(3)com(0)
Administrator:
(8)dnsadmin(4)mail[C029](5)msft(3)com(0)
SerialNo = 3201893
Refresh = 3600
Retry = 1800
Expire = 3600000
MinimumTTL = 3600
ADDITIONAL SECTION:
Rcv Windows 2000 DNS Server 7cfd Q [0001 D NOERROR]
(5)_ldap(4)_tcp(18)Site
Name(6)_sites(2)dc(6)_msdcs(7)Server2(5)msft(3)com(0)
UDP question info at 004D767C
Socket = 384
Remote addr Windows 2000 DNS Server, port 3436
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0052 (82)
Message:
XID 0x7cfd
Flags 0x0100
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(18)Site
Name(6)_sites(2)dc(6)_msdcs(7)Server2(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
My knowledge of DNS internals is somewhat limited, so I was curious if
anyone else had any suggestions. I know that the 2000 system is looking up a
SRV record (33) on the BIND system, but I'm not sure why it hits the BIND
server first. I understand that the SRV record has the server name hosting
the service as part of the record but why does it append the server name to
the SRV record it is looking up? Any comments would be appreciated. Again,
there is no visible problems with the system.
Thanks,
Dave
as detailed in article Q255913. I don't really like this configuration, MCS
recommended it, because of a few quirks but it functions fine. No errors in
the DNS and Directory event logs result due to this configuration (We do get
the A record registration error though, but the record is already in the
root BIND system). All Windows 2000 DNS servers are set up to forwad unknown
requests to the root BIND servers. A couple of questions came up a few days
ago, when the BIND admin snooped DNS communication between the BIND server
and the 2K DNS server. This is the resulting BIND log file:
Using device /dev/hme (promiscuous mode)
2K DNS Server -> Bind Server DNS C ldap._tcp.dc._msdcs.Server1.msft.com.
Internet Unknown (33) ?
Bind Server -> 2K DNS Server DNS R Error: 3(Name Error)
Bind Server -> 2K DNS Server DNS C _udp.msft.com. Internet SOA ?
2K DNS Server -> Bind Server DNS R _udp.msft.com. Internet SOA
Bind Server -> 2K DNS Server DNS C _tcp.msft.com. Internet SOA ?
2K DNS Server -> Bind Server DNS R _tcp.msft.com. Internet SOA
Two questions came up:
1. Why is the 2000 DNS server hunting for an LDAP SRV record in a domain
name space that appears to be named "Server3.msft.com"?
2. Why does the 2000 DNS server go to the BIND server to attempt to resolve
the SRV records that it owns.
I've turned up logging on the 2000 DNS servers and the following is what I
believe corresponds to the above BIND logs (All IP and internal naming
information has been changed):
Snd BIND Server 07a4 Q [0001 D NOERROR]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP question info at 004CD12C
Socket = 400
Remote addr BIND Server, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0038 (56)
Message:
XID 0x07a4
Flags 0x0100
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
Rcv BIND Server 07a4 R Q [8385 A DR NXDOMAIN]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP response info at 004CDE2C
Socket = 400
Remote addr BIND Server, port 53
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0073 (115)
Message:
XID 0x07a4
Flags 0x8583
QR 1 (response)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x1
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
Offset = 0x0038, RR count = 0
Name "[C029](5)msft(3)com(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (8)BIND Server[C029](5)msft(3)com(0)
Administrator:
(8)dnsadmin(4)mail[C029](5)msft(3)com(0)
SerialNo = 3201893
Refresh = 3600
Retry = 1800
Expire = 3600000
MinimumTTL = 3600
ADDITIONAL SECTION:
Snd Windows 2000 DNS Server 96fc R Q [8385 A DR NXDOMAIN]
(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)
UDP response info at 004CDE2C
Socket = 384
Remote addr Windows 2000 DNS Server, port 3433
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0073 (115)
Message:
XID 0x96fc
Flags 0x8583
QR 1 (response)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x1
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(2)dc(6)_msdcs(7)Server1(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
Offset = 0x0038, RR count = 0
Name "[C029](5)msft(3)com(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (8)BIND Server[C029](5)msft(3)com(0)
Administrator:
(8)dnsadmin(4)mail[C029](5)msft(3)com(0)
SerialNo = 3201893
Refresh = 3600
Retry = 1800
Expire = 3600000
MinimumTTL = 3600
ADDITIONAL SECTION:
Rcv Windows 2000 DNS Server 7cfd Q [0001 D NOERROR]
(5)_ldap(4)_tcp(18)Site
Name(6)_sites(2)dc(6)_msdcs(7)Server2(5)msft(3)com(0)
UDP question info at 004D767C
Socket = 384
Remote addr Windows 2000 DNS Server, port 3436
Time Query=2256911, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0052 (82)
Message:
XID 0x7cfd
Flags 0x0100
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(5)_ldap(4)_tcp(18)Site
Name(6)_sites(2)dc(6)_msdcs(7)Server2(5)msft(3)com(0)"
QTYPE SRV (33)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
My knowledge of DNS internals is somewhat limited, so I was curious if
anyone else had any suggestions. I know that the 2000 system is looking up a
SRV record (33) on the BIND system, but I'm not sure why it hits the BIND
server first. I understand that the SRV record has the server name hosting
the service as part of the record but why does it append the server name to
the SRV record it is looking up? Any comments would be appreciated. Again,
there is no visible problems with the system.
Thanks,
Dave