Master Zone May Not Work with BIND DNS for Windows 2000 Active Directory

Article translations Article translations
Article ID: 241973 - View products that this article applies to.
This article was previously published under Q241973
This article has been archived. It is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
Expand all | Collapse all

Symptoms

When you are using BIND (a popular Domain Name System, or DNS, server implementation) DNS for a Windows 2000 Active Directory domain, the master zone may stop working with the following error message:
Master zone for "domain.com" (IN) rejected due to errors.

Cause

A Windows 2000 domain controller registers a host record for various locator services that do not conform to Request for Comments (RFC) 1123 restrictions on host names. For example, a host record is registered for the global catalog servers that takes the following form:
gc._mcdcs.domain.com
By default, a BIND server checks resource records to ensure that labels conform to RFC 1123 (which does not allow for the underscore character ("_") in host labels) and does not load the master zone. Microsoft complies to RFC 2181 which supersedes RFC 1123 and does not place any restrictions on characters used in a host label.

Resolution

To resolve this problem, disable name checking on the BIND DNS server. To disable name checking, add the following lines to the "/etc/named.conf" configuration file:
options {
check-names master ignore;
};

More information

RFC 2181, which supercedes RFC 1123, allows for any binary string to be used for any resource record label.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
241980 Naming Syntax for the Domain Name System (DNS)
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Properties

Article ID: 241973 - Last Review: October 26, 2013 - Revision: 3.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbnosurvey kbarchive kb3rdparty kbenv kbprb KB241973

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com