BIND 8.2 based DNS and AD

lauren misslw at yahoo.com
Wed Nov 13 19:09:43 UTC 2002



Scavenging is only an option for QIP-managed Windows 2000
DNS servers, not QIP remote servers running BIND or Lucent
DNS Service. You are right, the interval is set to 0 by
default so you would have to enable it.
For servers running BIND/Lucent DNS Service the only
function that I can think of that resembles scavenging was
introduced in QIP 6.0, that is the qip-tombstonepurge CLI
(which you have to enable). I could be wrong though.

Sounds like you are pretty much set on MS AD-integrated DNS
for your AD zone, you probably know this but if you want to
use QIP for your IP management and MS for your DNS, you can
either: 
1) configure QIP-managed MS 2000 remote servers through the
QIP interface
2) don't install remote service on MS server, configure the
server through the MS interface and then set up a cron job
with qip-miniddma/qip-syncexternal CLI to pull records from
the MS DNS server and drop them into the QIP database. This
way you aren't using QIP-managed DNS servers for the AD
zone but you can still do audits, reports, etc on those
objects. 

As far as your SRV records disappearing (while using Lucent
DNS Service), I haven't ever had that problem. They get
dropped into Domain Extensions (assume that is what you
were talking about when you said they were hard coded). But
another previous poster was right, QIP thinks that
whatever's in the database is THE information. When a
standard dynamic update occurs, BIND/Lucent DNS will take
the update and run along happily. But if a record is not in
the database it's not going in the zone files next time you
do a push. So you will lose the update if it didn't make it
to the database. But if you are using Lucent DNS, the QIP
Update Service should take care of the database updates. I
use QIP 6.0, so YMMV.


 


--- Richard Davies <hightower_it at hotmail.com> wrote:
> 
> Jose,
> 
> I believe that scavenging has to be turned on for QIP 5.2, being
> disabled by default? Please correct me if I'm wrong!! If I'm right,
> this feature hasn't been enabled. Ageing would also have been left at
> its 'out of the box' value.
> 
> Regards
> 
> Richard Davies
> Hightower IT Solutions
> 
> jose.a.campos at exxonmobil.com wrote in message
> news:<aqr3d0$90kp$1 at isrv4.isc.org>...
> > Richard,
> > We use QIP 5.2 - I'm just wondering :
> > what's the scavenging interval set to?
> > What about aging?
> > 
> > Kevin Darcy <kcd at daimlerchrysler.com>
> > Sent by: bind-users-bounce@isc.org
> > 11/11/02 02:43 PM
> > To: comp-protocols-dns-bind at isc.org
> > cc:
> > Subject: Re: BIND 8.2 based DNS and AD
> > 
> > Richard Davies wrote:
> > 
> > > During extensive lab testing, we seem to have found something of an
> > > issue with both Nortel NetID 4.2.x and Lucent QIP 5.2 in an AD
> > > environment.
> > > Out of the box AD (as we'd like very much to leave it) relies on
> > > individual DCs and GCs being able to dynamically register SRV records.
> > > Both of these products support the relevant RFC, all good so far.
> > > However, both products appear to 'clean up' (remove) dynamically
> > > registered SRV records intermittently. This, if it occurs during an
> > > attempt by AD to run a replication cycle causes all manner of merry
> > > hell to break loose. The SRVs are normally de-registered and
> > > re-registered by individual DCs every 60 minutes by default, which
> > > often leaves us with between 1 and 59 minutes with potentially no SRV
> > > records existing for our DNS zones.......not good. Lucent have a
> > > workaround which effectively hard codes the SRVs by running a CLI
> > > using 'append mode', and we presume Nortel have a similar 'fix'.
> > > Wanting to implement the most suitable product for a primarily AD
> > > based infrastructure, I would like to know whether anyone else has
> > > encountered this issue and if it is (as it seems) a feature of BIND??
> > 
> > BIND doesn't have any "scavenging" feature -- it wouldn't delete records
> > unless it was specifically told to do so through Dynamic Update, or
> > unless it reloaded the zone from some sort of backend store, e.g. a
> > zonefile or backend DB, from which the records had been deleted.
> > 
> > So, I would say either a) QIP/NetID must be deleting those records
> > itself, or b) some component of the Win2K/AD suite (e.g. GC, DC,
> > DHCP server) is doing the deletes. In any case, I doubt very much that
> > it's a BIND problem...
> > 
> > 
> > - Kevin
> 
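
Added example (not part of the original post, and not QIP or BIND code): the reply above explains that a dynamic update which never reached the management database is lost at the next push. The Python script below compares a dump of the live zone with a database export and lists the SRV records a push would drop; the zone data, the example.com names and the function names are constructed for illustration, and every record line is assumed to carry an explicit owner name.

```python
# Constructed sample: records currently served (e.g. from a zone transfer).
LIVE_ZONE = """\
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc2.example.com.
_kerberos._tcp       600 IN SRV 0 100 88  dc1.example.com.
_kerberos._tcp       600 IN SRV 0 100 88  dc2.example.com.
dc1 3600 IN A 192.0.2.10
dc2 3600 IN A 192.0.2.11
"""
# Constructed sample: what the management database would write on a push.
DB_EXPORT = """\
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp       600 IN SRV 0 100 88  dc1.example.com.
dc1 3600 IN A 192.0.2.10
dc2 IN A 192.0.2.11   ; TTL omitted, still the same record
"""

def parse_records(text, origin):
    """Return {(owner, type, rdata)} from one-line master-file records.
    TTL and class are ignored: a push keeps or drops a record either way."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # strip comments
        if not line or line.startswith("$"):       # skip $ORIGIN/$TTL
            continue
        fields = line.split()
        owner = fields[0].lower()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"            # qualify relative names
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # optional TTL / class
        if len(rest) < 2:
            continue                               # not a complete record
        records.add((owner, rest[0].upper(), " ".join(rest[1:]).lower()))
    return records

def lost_on_push(live_text, db_text, origin, rtypes=("SRV",)):
    """Records served now but absent from the database export."""
    missing = parse_records(live_text, origin) - parse_records(db_text, origin)
    return sorted(r for r in missing if r[1] in rtypes)

if __name__ == "__main__":
    for owner, rtype, rdata in lost_on_push(LIVE_ZONE, DB_EXPORT, "example.com."):
        print(f"would be dropped by push: {owner} {rtype} {rdata}")
```

Run before each push, a non-empty result means a domain controller's registrations exist only in the running zone and should be reconciled into the database first.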

