stealth server

[Kevin Darcy]

Barry Margolin wrote:

> In article <9i2ft4$o7i at pub3.rc.vix.com>,
> Georg Kreyerhoff  <georg at kreyerhoff.de> wrote:
> >Another (IMHO more sensible) configuration would be to set up the hidden
> >DNS-server as the master server, but only the slaves at the ISP having
> >NS-records pointing to them.
>
> This is often called "silent primary"; I prefer to call it "hidden
> primary", but the former term seems to be more common.

Hmmm... I've never heard "silent primary" before. I call mine a "hidden master".

> This is only "more sensible" if you have a sysadmin competent to run a
> master nameserver.  In my experience, this is pretty rare.  75% of the work
> I do these days is notifying our customers of problems with their master
> servers.  Windows 2000 is now my least favorite piece of Microsoft
> crapware, as the DNS server that it comes with seems to have a bug that
> causes serial numbers to drop back occasionally, and we have to notify our
> customers that zone transfers have stopped (I suspect that when it
> increments the serial# due to a dynamic DNS change, it doesn't update it in
> the Registry like it does when you make some other change to the zone, and
> when the server is rebooted it reverts to the last serial# that was stored
> there).

When it's AD-integrated, Win2K doesn't care about the serial number of a zone,
since it has no effect on replication amongst AD/Win2K servers. And it's a
debatable point whether the DNS protocol actually *requires* incrementation[*] of
the serial number for every change, when AXFR/IXFR is not being used for
replication. So don't expect this to be fixed any time soon. Integration of
Microsoft and non-Microsoft products isn't exactly high on Microsoft's priority
list. Or, so the Federal Appeals Court seemed to think :-)


- Kevin

[*] I have no idea whether "incrementation" is a valid English word or not. If
not, then I just made it up.