BIND: Slave zone to Master zone (Windows 2012 DC) doesn't work
I've searched and then tried asking in a few posts with no luck. So I'm trying again with a more detailed post about my setup.
WAN aka em0
Interface IP: 216.40.150.250
Name: fw.example.com

LAN aka em1
Interface IP: 192.168.1.1
DHCP: range 192.168.1.100-199
Got a static NAT of 216.40.150.246 (external) => 192.168.1.200 (internal)

OPT1 aka em2
Transparent bridge
Interface IP: 216.40.150.249
DHCP: range of 216.40.150.241-245
DHCP being served to a couple of Windows 7 VMs
Windows 2012 DC; also set up as DNS server; has static IP of 215.40.150.247

BIND master zone config file:
$TTL 1h
;
$ORIGIN snoopyfan.com.
; Database file example.com.DB for example.com zone.
; Do not edit this file!!!
; Zone version 2437079441
;
example.com. IN SOA fw.example.com. example.com. (
2437079441 ; serial
1d ; refresh
2h ; retry
4w ; expire
1h ; default_ttl
);
; Zone Records
;
@ IN NS fw.example.com.
@ IN A 216.40.150.250
www IN CNAME fw.example.com.
fw.example.com. IN A 216.40.150.250
appl.example.com. IN A 216.40.150.246
littlesheep.example.com. IN A 216.40.150.247
;
;custom zone records
;
@ IN NS ec2.example.org.
localhost IN A 127.0.0.1

The master zone works, as clients on the LAN and OPT1 interfaces resolve the defined zone records.
GOAL:
1) Set up Windows 2012 as a subdomain and call the new forest littlesheep.example.com; the FQDN is shepherd.littlesheep.example.com
2) Set up the same Windows 2012 DC as a DNS server
3) In pfSense > BIND, set up an ACL, Views, and a slave zone for littlesheep
3a) ACL includes
216.40.150.241(Windows 7 with hostname baaah)
216.40.150.242(Windows 7 with hostname lambchop)
216.40.150.243
216.40.150.244
216.40.150.245
216.40.150.247 (Windows 2012 DC with DNS)

3b) View Name is "littlesheep"
Recursive "YES"
Match-Client "littlesheep"
Allow-recursion "littlesheep"

3c) Zone Name is littlesheep.example.com
Zone Type "slave"
View "littlesheep"
Master Zone IP "216.40.150.247"
Allow-Query "littlesheep"
Allow-transfer "littlesheep"
Zone Domain Records:
www cname littlesheep.example.com.
littlesheep.example.com. A 216.40.150.247
appl.example.com. A 216.40.150.246
fw.example.com. A 216.40.150.246

WHERE I'M STUCK
- On shepherd (DC), I set it to allow transfer for ANY. I go to one of my Windows 7 boxes and try to join it to littlesheep.example.com, and I get this message:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "littlesheep.example.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.littlesheep.example.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
216.40.150.250
- One or more of the following zones do not include delegation to its child zone:
littlesheep.example.com
example.com
com
. (the root zone)

I thought that by setting up the slave zone with the littlesheep view, the Windows 7 VMs should be able to join the domain, but they don't. When I'm at the Windows 7 VM, I can ping littlesheep.example.com and it resolves. If I'm on the Windows 7 VMs and I manually add the DC IP 216.40.150.247 in the DNS field in network properties, I can join the domain. But when the Windows 7 VM's DHCP-assigned DNS address is that of the pfSense (216.40.150.250), it won't join.
Any ideas what's happening here?
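As an added offline example (not code from the post, pfSense or BIND), the Python below parses a BIND-style zone file of the shape shown above and checks for the two things the Windows join error lists: an NS delegation for the child zone in the parent zone, and the _ldap._tcp.dc._msdcs SRV record the client asks for. The sample zone texts are constructed here with $ORIGIN example.com. (the post's file shows a different origin); the delegation and SRV lines in the second and third samples are assumptions about what a correctly delegated parent and a DC-registered child zone would contain, using the hostname shepherd.littlesheep.example.com from the post.

```python
"""Offline checks on BIND-style zone text: does the parent zone delegate the
child (NS records at the child's name), and does the child zone carry the
DC-locator SRV record a domain join queries for?
Example code added to this thread, not from the original post or pfSense/BIND."""

# Constructed sample modelled on the master zone in the post, origin changed
# to example.com. so that "@" records belong to the same zone as the file.
PARENT_ZONE = """\
$TTL 1h
$ORIGIN example.com.
example.com. IN SOA fw.example.com. example.com. (
 2437079441 ; serial
 1d ; refresh
 2h ; retry
 4w ; expire
 1h ; default_ttl
);
@ IN NS fw.example.com.
@ IN A 216.40.150.250
www IN CNAME fw.example.com.
fw.example.com. IN A 216.40.150.250
appl.example.com. IN A 216.40.150.246
littlesheep.example.com. IN A 216.40.150.247
localhost IN A 127.0.0.1
"""

# Assumed: the same parent zone with a delegation (NS + glue) for the child.
PARENT_ZONE_DELEGATED = PARENT_ZONE + """\
littlesheep IN NS shepherd.littlesheep.example.com.
shepherd.littlesheep IN A 216.40.150.247
"""

# Assumed: a child zone as a DC would register it (SRV values are illustrative).
CHILD_ZONE = """\
$ORIGIN littlesheep.example.com.
@ IN NS shepherd.littlesheep.example.com.
shepherd IN A 216.40.150.247
_ldap._tcp.dc._msdcs IN SRV 0 100 389 shepherd.littlesheep.example.com.
"""

RTYPES = {"A", "AAAA", "NS", "CNAME", "SOA", "SRV", "MX", "TXT", "PTR"}


def strip_comment(line):
    """Drop a ';' comment and trailing whitespace."""
    return line.split(";", 1)[0].rstrip()


def parse_zone(text, default_origin=None):
    """Return (owner, type, rdata) tuples with owners fully qualified.

    Handles $ORIGIN, $TTL, '@', relative owner names and parenthesised
    multi-line records (the SOA). Owner-less continuation lines and
    TTL-first record forms are not handled; this is a diagnostic, not a
    full zone parser."""
    origin = default_origin
    records = []
    buf = ""
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        buf = (buf + " " + line).strip() if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside a parenthesised record
        fields = buf.split()
        buf = ""
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        if not rest or rest[0].upper() not in RTYPES:
            continue
        rtype = rest[0].upper()
        rdata = " ".join(rest[1:]).replace("(", "").replace(")", "").strip()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, rtype, rdata))
    return records


def delegations_for(records, child):
    """NS targets in this zone that delegate `child` (FQDN with trailing dot)."""
    return [rd for owner, rtype, rd in records
            if rtype == "NS" and owner.lower() == child.lower()]


def has_dc_srv(records, domain):
    """True if the DC-locator SRV record named in the join error is present."""
    target = f"_ldap._tcp.dc._msdcs.{domain}"
    return any(rtype == "SRV" and owner.lower() == target.lower()
               for owner, rtype, _ in records)


if __name__ == "__main__":
    child = "littlesheep.example.com."
    print("delegation in parent as posted:", delegations_for(parse_zone(PARENT_ZONE), child))
    print("delegation in delegated parent:", delegations_for(parse_zone(PARENT_ZONE_DELEGATED), child))
    print("DC SRV in child zone:", has_dc_srv(parse_zone(CHILD_ZONE), child))
```

Run against the zone as posted, `delegations_for` returns an empty list, which is the condition the error text describes under "zones do not include delegation to its child zone"; the delegated sample returns the child's name server, and the child sample shows the SRV owner name the client queried. The same two functions can be pointed at the output of a zone transfer or at a dumped zone file to confirm what a given server actually holds.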