Active Directory and DNS

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 25 20:22:26 UTC 2000


Chang, Shu-Min wrote:

> It's an idea to separate the forward zone, but does anyone know how to
> tackle the reverse?  There's no way to subdelegate the RR in a reverse zone.
> The RFC2317 http://www.ietf.org/rfc/rfc2317.txt?number=2317 teaches a method
> that does not work for the DDNS.  The DDNS RFC states that CNAME is not to
> be followed for record updates.

Um, no, this is a misconception, one that Microsoft and perhaps others have
stumbled on. The DDNS RFC says that CNAME *matching* is disallowed for Dynamic
Update. So if "foo" is an alias for the A record "bar", then if the server gets
a Dynamic Update request to change the A record for "foo", it must not
translate that into a request to change "bar". The only Dynamic Update requests
that would be allowed for "foo" would have types of CNAME.

But CNAME "following" is not forbidden by the RFC. The Dynamic Update
*client* is perfectly free to look up "foo", see that it is an alias for "bar",
and then issue a Dynamic Update request for "bar". This is client-side
"following", and perfectly legal per the RFC.

So there's no technical reason why RFC 2317-style CNAMEs-to-PTRs _can't_ work
for Win2K integration: it's just that the Microsoft software isn't smart enough
yet.


- Kevin
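
The matching-versus-following distinction from the reply above, as an added example that is not part of the original post. It is a simplified in-memory model: the zone data is constructed, the function names are hypothetical, and the parent and child reverse zones share one dict for brevity.

```python
# Added example: simplified model of Dynamic Update handling around CNAMEs.
# All names and data are constructed; parent and child zone share one dict here.

def fresh_zone():
    """RFC 2317-style layout: the classful PTR name is an alias into a child zone."""
    return {
        "5.2.0.192.in-addr.arpa.": {"CNAME": "5.0/25.2.0.192.in-addr.arpa."},
        "5.0/25.2.0.192.in-addr.arpa.": {"PTR": "old-host.example.com."},
    }

def server_update(zone, name, rtype, rdata):
    """Server side: act only on the exact owner name in the request.
    An update at a CNAME owner is never redirected to the alias target, and
    CNAME and non-CNAME data are not mixed at one name; such updates are ignored."""
    rrsets = zone.get(name, {})
    has_cname = "CNAME" in rrsets
    has_other = any(t != "CNAME" for t in rrsets)
    if (has_cname and rtype != "CNAME") or (has_other and rtype == "CNAME"):
        return False
    zone.setdefault(name, {})[rtype] = rdata
    return True

def resolve_update_target(zone, name, max_hops=8):
    """Client side: follow aliases with ordinary lookups before building the update."""
    seen = set()
    while "CNAME" in zone.get(name, {}):
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = zone[name]["CNAME"]
    return name

def client_register_ptr(zone, ptr_name, hostname):
    """Look up the alias first, then send the update for the real owner name."""
    target = resolve_update_target(zone, ptr_name)
    return target, server_update(zone, target, "PTR", hostname)

if __name__ == "__main__":
    z = fresh_zone()
    # Naive client: PTR update aimed at the alias itself is ignored by the server.
    print(server_update(z, "5.2.0.192.in-addr.arpa.", "PTR", "pc1.example.com."))
    # Following client: resolves the alias, then updates the real PTR owner.
    print(client_register_ptr(z, "5.2.0.192.in-addr.arpa.", "pc1.example.com."))
```

In a real deployment the alias target lives in a separately delegated zone, so the client must also locate that zone's primary server and be authorized to update it.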





