Master Zone May Not Work with BIND DNS for Windows 2000 Active Directory (241973)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q241973 IMPORTANT: This article contains information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you understand how to restore
the registry if a problem occurs. For information about how to back up, restore, and edit the
registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
When you are using BIND (a popular Domain Name System, or DNS, server implementation) DNS for a Windows 2000 Active Directory domain, the master zone may stop working with the following error message:
Master zone for "domain.com" (IN) rejected due to errors.
CAUSE
A Windows 2000 domain controller registers a host record for various locator services that do not conform to Request for Comments (RFC) 1123 restrictions on host names. For example, a host record is registered for the global catalog servers that takes the following form:
By default, a BIND server checks resource records to ensure that labels conform to RFC 1123 (which does not allow for the underscore character ("_") in host labels) and does not load the master zone. Microsoft complies to RFC 2181 which supersedes RFC 1123 and does not place any restrictions on characters used in a host label.
RESOLUTION
To resolve this problem, disable name checking on the BIND DNS server. To disable name checking, add the following lines to the "/etc/named.conf" configuration file:
options {
check-names master ignore;
};
| Modification Type: | Major | Last Reviewed: | 10/31/2003 |
|---|
| Keywords: | kb3rdparty kbenv kbprb KB241973 |
|---|
|