GUID CNAMEs go missing

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Nov 18 15:50:59 UTC 2002


zippy_zip at hotmail.com (zippyzip) wrote:

>We currently use active directory with a BIND 8.2.4 compatible DNS
>server (Nortel NetID 4.3.1). This server supports all the necessary
>RFCs and underscores in domain names, and has been working fine. All
>the SRV records are registered OK.
>
>However it has come to our attention that AD replication is failing,
>as far as I know AD uses the GUID to communicate which is effectively
>a CNAME from the AD host you are trying to communicate with:  i.e. 
>9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com.  IN  CNAME   
>adhost.domain.com.
>
>After setting up various monitoring scripts it has become apparent
>that all of these CNAMEs keep being deleted intermittently and then
>get added again. It would seem that a normal occurrence is for an AD
>host to delete, update and create a new CNAME every hour.  However
>there are times when I just see a delete and no new....  this in turn
>means occasionally there is no GUID for an hour??!!!
>
>
>Has anyone else come across anything similar with active directory? If
>so what DNS are you using? What W2K service pack, and how did you
>resolve the problem?

I have 13 sets of "_" zones on my W2k DNS Server.  I keep a record of
serial numbers every morning.  Here are the serial number changes from
Sep 10 to Nov 18 (69 days):

     zone        Sep 10 Nov 18 change
     _msdcs.anl  65442  65490   +48
     _sites.anl  30595  30618   +23
     _tcp.anl    32207  32215   +08

     _msdcs.dis     38     59   +18
     _sites.dis     30     47   +17
     _tcp.dis       32     40   +08
     _udp.dis       30     36   +06

     _msdcs.er      46     49   +03
     _sites.er      37     40   +03

     _msdcs.es    1001   1019   +18
     _sites.es     547    558   +11
     _tcp.es      1241   1249   +08
     _udp.es       783    789   +06

     _msdcs.et    1147   1150   +03
     _sites.et     930    933   +03

     _msdcs.hep  15005  15008   +03
     _sites.hep   8935   8938   +03

     _msdcs.ocf     78     81   +03
     _sites.ocf     54     57   +03

     _msdcs.rae     35     38   +03
     _sites.rae     29     32   +03

     _msdcs.td     121    149   +28
     _sites.td      75     94   +19
     _tcp.td       101    118   +17
     _udp.td        86    101   +15

That is 25 serial number increases for 4*13 (52) zones.  So, I am not
seeing the activity on the "_" zones that you are seeing.  Is your 
Nortel DNS server scavenging records?  I am not sure if the Netlogon
process is re-registering the SRV and CNAME records on a regular basis;
the MS W2k DNS code will recognize a DDNS packet that is replacing
existing records with the same information, and it will treat the 
request as a no-op.  It will respond OK to the DDNS requestor, but
the zone will not change (and with a fairly recent dns.exe the zone
serial number will not change).
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
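
As an added illustration of the kind of monitoring script the original poster mentions (example code written here, not from either poster), the following reads a constructed log of hourly polls of one DC's GUID CNAME and reports absences that outlast a single poll interval, i.e. the "delete and no new" case, along with how often the record flips. The log format is assumed; the owner name and target are the ones quoted above.

```python
from datetime import datetime, timedelta

# Constructed sample log (assumed format): hourly polls of one DC's GUID
# CNAME under _msdcs. Fields: timestamp, owner, present/absent, target.
SAMPLE_LOG = """\
2002-11-18T00:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. present adhost.domain.com.
2002-11-18T01:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. absent -
2002-11-18T02:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. present adhost.domain.com.
2002-11-18T03:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. absent -
2002-11-18T04:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. absent -
2002-11-18T05:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. present adhost.domain.com.
2002-11-18T06:00 9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. absent -
"""

def parse_log(text):
    """Group polls by owner name: {owner: [(time, present, target), ...]}."""
    polls = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, owner, state, target = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M")
        polls.setdefault(owner, []).append((when, state == "present", target))
    for obs in polls.values():
        obs.sort()
    return polls

def absence_windows(observations):
    """Spans [(start, end)] during which the CNAME was absent; end is None
    when the record was still missing at the last poll."""
    windows, start = [], None
    for when, present, _ in observations:
        if not present and start is None:
            start = when                    # record just went missing
        elif present and start is not None:
            windows.append((start, when))   # re-registered again
            start = None
    if start is not None:
        windows.append((start, None))
    return windows

def gaps_longer_than(observations, poll_interval):
    """Absences that outlast one poll (delete with no re-add), plus any
    gap still open at the end of the log."""
    return [(s, e) for s, e in absence_windows(observations)
            if e is None or e - s > poll_interval]

def report(text, poll_interval=timedelta(hours=1)):
    """Per owner: suspicious gaps and the number of present/absent flips."""
    result = {}
    for owner, obs in parse_log(text).items():
        flips = sum(1 for a, b in zip(obs, obs[1:]) if a[1] != b[1])
        result[owner] = {"gaps": gaps_longer_than(obs, poll_interval),
                         "transitions": flips}
    return result
```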


