Microsoft KB Archive/241973

= Master Zone May Not Work with BIND DNS for Windows 2000 Active Directory =

Article ID: 241973

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q241973



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you are using BIND (a popular Domain Name System, or DNS, server implementation) DNS for a Windows 2000 Active Directory domain, the master zone may stop working with the following error message:

Master zone for " .com" (IN) rejected due to errors.



CAUSE
A Windows 2000 domain controller registers a host record for various locator services that do not conform to Request for Comments (RFC) 1123 restrictions on host names. For example, a host record is registered for the global catalog servers that takes the following form:

gc._mcdcs.domain.com

By default, a BIND server checks resource records to ensure that labels conform to RFC 1123 (which does not allow for the underscore character ("_") in host labels) and does not load the master zone. Microsoft complies to RFC 2181 which supersedes RFC 1123 and does not place any restrictions on characters used in a host label.



RESOLUTION
To resolve this problem, disable name checking on the BIND DNS server. To disable name checking, add the following lines to the "/etc/named.conf" configuration file:

options {

check-names master ignore;

};



MORE INFORMATION
RFC 2181, which supercedes RFC 1123, allows for any binary string to be used for any resource record label.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

241980 Naming Syntax for the Domain Name System (DNS)

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kb3rdparty kbenv kbprb KB241973

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.