Relocation of DNS under AD domain

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

AD domain DNS relocation. Environment: a Windows Server 2008 R2 machine running AD + DNS in one-primary, multiple-secondary mode, hostname level.lakyy.com, IP address 192.168.0.180; a BIND 9.10.6 server at IP address 192.168.0.160.

BIND can take over DNS for a Windows AD domain by carrying the domain's SRV resource records. For this configuration BIND only needs to interact with the primary domain controller. Once configured, clients can still join the AD domain and normal name resolution is unaffected. The configuration steps are as follows:

I. BIND DNS configuration

(1) Configure A records for the Windows AD server (and for the BIND server itself).

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1808032145 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(2) Add an SRV record that lets clients locate a Kerberos KDC for the domain; every domain controller that provides the Kerberos service (for authentication and resource access) registers this name. Record name "_kerberos._tcp", priority 0, weight 0, port 88, host level provides the service.

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1808032148 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
_kerberos._tcp 3600 SRV 0 0 88 level
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(3) Add an SRV record that lets clients find an LDAP server in the level.lakyy.com domain to query Active Directory for objects; all Windows NT domain controllers register this name in the level.lakyy.com domain. Record name "_ldap._tcp", priority 0, weight 0, port 389, host level provides the service.

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1809090945 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
_kerberos._tcp 3600 SRV 0 0 88 level
_ldap._tcp     3600 SRV 0 0 389 level
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(4) Add an SRV record that lets clients find a domain controller in the level.lakyy.com domain; all Windows NT domain controllers register this name in the level.lakyy.com domain. Record name "_ldap._tcp.dc._msdcs", priority 0, weight 0, port 389, host level provides the service.

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1809090949 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
_kerberos._tcp       3600 SRV 0 0 88 level
_ldap._tcp           3600 SRV 0 0 389 level
_ldap._tcp.dc._msdcs 3600 SRV 0 0 389 level
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(5) Add an SRV record that lets clients find a global catalog server for the Active Directory forest; the global catalog servers of the forest register this record. Record name "gc._msdcs.level", priority 0, weight 0, port 3268, host level provides the service.

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1809090953 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
_kerberos._tcp       3600 SRV 0 0 88 level
_ldap._tcp           3600 SRV 0 0 389 level
_ldap._tcp.dc._msdcs 3600 SRV 0 0 389 level
gc._msdcs.level      3600 SRV 0 0 3268 level
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(6) Add an SRV record that lets clients find a domain controller running the Kerberos KDC for the domain level.lakyy.com; all Windows NT domain controllers that run the Kerberos service in the level.lakyy.com domain register this name. Record name "_kerberos._tcp.dc._msdcs", priority 0, weight 0, port 88, host level.

cat lakyy.com.dnstest
$TTL 3600
@ IN SOA ns.lakyy.com. root.lakyy.com. (
        1809091133 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
  IN NS ns
_kerberos._tcp.dc._msdcs 3600 SRV 0 0 88 level
gc._msdcs.level          3600 SRV 0 0 3268 level
_ldap._tcp.dc._msdcs     3600 SRV 0 0 389 level
_ldap._tcp               3600 SRV 0 0 389 level
_kerberos._tcp           3600 SRV 0 0 88 level
ns    3600 IN A 192.168.0.160
level 3600 IN A 192.168.0.180

(7) Configure the zone parameters in named.conf (forward and reverse zones, with dynamic updates allowed from the AD server, the BIND server and the 192.168.0.0/24 subnet).

view "dnstest" {
    zone "lakyy.com" IN {
        type master;
        allow-update { 192.168.0.180; 192.168.0.160; 192.168.0.0/24; };
        check-names ignore;
        file "lakyy.com.dnstest";
    };
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        allow-update { 192.168.0.180; 192.168.0.160; 192.168.0.0/24; };
        check-names ignore;
        file "0.168.192.in-addr.arpa.dnstest";
    };
};
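Before reloading BIND it is worth checking the zone file offline, since a missing or mistyped locator record from steps (2) to (6) is exactly what makes clients unable to find a domain controller (see troubleshooting item (2) below). The following script is an added example written for this article, not code from the original post or from BIND; it parses the simple one-record-per-line zone syntax used above (skipping the multi-line SOA), checks that every locator name the article lists is present with the expected port, and checks that each SRV target has an A record in the same zone. The zone text is reconstructed from step (6); the names and addresses (lakyy.com, level, ns, 192.168.0.x) are the article's, the function names and the REQUIRED_SRV table are this example's own assumptions.

```python
"""Offline sanity check of a BIND zone file carrying AD locator (SRV) records.

Added example, not the article's or BIND's own code. Parses single-line SRV
and A records and verifies the DC locator set listed in the article.
"""
import re

# Zone content reconstructed from the article's step (6). Constructed sample input.
ZONE_TEXT = """\
$TTL 3600
@   IN SOA ns.lakyy.com. root.lakyy.com. (
        1809091133 ; serial
        3600       ; refresh
        1800       ; retry
        604800     ; expire
        3600 )     ; minimum
    IN NS ns
_kerberos._tcp.dc._msdcs 3600 IN SRV 0 0 88   level
gc._msdcs.level          3600 IN SRV 0 0 3268 level
_ldap._tcp.dc._msdcs     3600 IN SRV 0 0 389  level
_ldap._tcp               3600 IN SRV 0 0 389  level
_kerberos._tcp           3600 IN SRV 0 0 88   level
ns                       3600 IN A 192.168.0.160
level                    3600 IN A 192.168.0.180
"""

# Locator names the article adds in steps (2)-(6), mapped to the port each
# service must advertise. This table is the example's own assumption.
REQUIRED_SRV = {
    "_kerberos._tcp": 88,
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "gc._msdcs.level": 3268,
    "_kerberos._tcp.dc._msdcs": 88,
}

# "<name> [ttl] [IN] SRV <prio> <weight> <port> <target>"
SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)", re.I)
# "<name> [ttl] [IN] A <ipv4>"
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.I)


def parse_zone(text):
    """Return ({srv_name: (prio, weight, port, target)}, {a_name: ipv4}).

    Only single-line SRV and A records are parsed; $TTL, the SOA block and
    its continuation lines, and NS lines are deliberately ignored.
    """
    srv, a = {}, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop zone-file comments
        if not line or line.startswith(("$", "@")) or line[0].isspace():
            continue
        m = SRV_RE.match(line)
        if m:
            name, prio, weight, port, target = m.groups()
            srv[name] = (int(prio), int(weight), int(port), target)
            continue
        m = A_RE.match(line)
        if m:
            a[m.group(1)] = m.group(2)
    return srv, a


def check_ad_locators(text, required=REQUIRED_SRV):
    """Return a list of problem strings; an empty list means the zone passes."""
    srv, a = parse_zone(text)
    problems = []
    for name, port in required.items():
        rec = srv.get(name)
        if rec is None:
            problems.append(f"missing SRV {name}")
            continue
        _prio, _weight, got_port, target = rec
        if got_port != port:
            problems.append(f"{name}: port {got_port}, expected {port}")
        # A relative target (no trailing dot) must have an A record in this zone,
        # otherwise clients get the SRV but cannot reach the host it names.
        if not target.endswith(".") and target not in a:
            problems.append(f"{name}: target {target} has no A record in zone")
    return problems


if __name__ == "__main__":
    issues = check_ad_locators(ZONE_TEXT)
    print("zone OK" if not issues else "\n".join(issues))
```

Run it against the real file with `check_ad_locators(open("lakyy.com.dnstest").read())`; a non-empty list points at the record to fix before `rndc reload`. One note on step (7): `allow-update` there is an IP-based ACL that includes the whole 192.168.0.0/24, so any host on that subnet, not only the domain controller, can rewrite these locator records; BIND also supports key-based (TSIG or GSS-TSIG) update policies, which tie update rights to a key rather than to a source address.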

II. Windows configuration

(1) Change the DNS server setting on the AD server, and change the DNS address on the PCs, to the BIND server address.

(2) Run "net stop netlogon" followed by "net start netlogon" to force AD to re-register its DNS records.

III. Troubleshooting

(1) BIND and the primary domain controller are linked, but dynamic A records cannot be updated. Causes: ① the BIND allow-update parameter must list every subnet that is allowed to perform dynamic A-record updates; ② zone replication problem: use the dcdiag command to compare the primary and secondary domain controllers and check for replication anomalies.

(2) A client cannot join the AD domain. Causes: ① network communication problem, either between the client and the BIND DNS server or between the client and the AD domain controller; ② an SRV record is misconfigured, or BIND cannot communicate with the AD domain server.

(3) other outstanding problems can be solved by contacting the blogger. Thank you
