Active Directory Integrated DNS( dynamic update behavior )

Rahul Parasnis rparasnis at
Thu Jan 16 00:18:21 UTC 2003

thanks a lot barry , this options is pretty much safe .
For rest of zones either I can define w2k as secondary or forward those
requests to bind DNS .
is there any limit on defining secondary servers ? ( is it 20 )

I tested the dynamic update to learn it's behavior . Here is what understood
please correct me if I am wrong .

If there is A record, CNAME and PTR  record for one client . A record is
different than the Client FQDN ( computer name ). When client updates , it
deletets this A record and PTR record and replaces with it's FQDN Name but
the old A record and CNAME resord is not deleted .
I could see the log in db.domain.ixfr and reverse_lookup_zone_file.ixfr .

These two names are not cnames of the A-record that is dynamically added .

nslookup cname
Server:  DNS Server
Address:  IP Address

Address:  IP Address

there are following records now in DNS
A record for computername ( dynamically updated )
PTR record for computername ( dynamically updated )
A record (old ) which was existing before
CNAME records pointing to old A-record

is my understanding correct ?

best regards,

> -----Original Message-----
> From: Barry Finkel [mailto:b19141 at]
> Sent: Wednesday, January 15, 2003 12:07 AM
> To: rparasnis at
> Subject: RE: Active Directory Integrated DNS
> >in all it looks like you recommend atleast one win2K as Name Server .
> >You suggested forward zones for _msdcs,_sites,_tcp,_udp then what do you
> >mean by "define these zones in your bind server  as slaves .
> Define zones
> on your BIND servers as slave zones, with the master being the W2k DNS
> box.
> --------
> >I agree that putting underscore zones on bind I will have to
> give away the
> >secure update , but I can compromise with allow-update options ( although
> >still vulnerable for ip spoofing )only to Domain controllers as you said
> >they need this feature .
> You can do that, but (as you note) the updates are not secure.
> --------
> >lastly about alias , I can add alias in the zone if I want but
> questions is
> >when Client boots it checks in the DNS whether records exists or not if
> >exists it deletes and add new entry ( A and PTR ) in DNS . at
> that time what
> >happens to this alias that I have defined ?
> If you have in DNS
>      ccccc IN CNAME
> and some DDNS deletes (and possibly re-adds)
>      aaaaa IN A
> The CNAME record is not touched.  The W2k client self-registration code
>      1) deletes and re-adds the "A" record
>      2) adds an additional "PTR" record.
> --------
> >Does CLIENT checks after certain interval whether my record
> exists in DNS ?
> >( I know DCs do this every 24 hours )
> If you have self-registration not disabled (and it must not be disabled
> for DCs), then the CLIENT workstation will re-register every 24 hours,
> I believe.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at
> Argonne, IL   60439-4828             IBMMAIL:  I1004994

This e-mail contains confidential information or information belonging to
Credit Lyonnais and is intended solely for the addressees. 
The unauthorized disclosure, use, dissemination or copying of this e-mail,
or any information it contains, is prohibited.
E-mails are susceptible to alteration and their integrity cannot be guaranteed. 
Credit Lyonnais shall not be liable for this e-mail if modified or falsified.
If you are not the intended recipient of this e-mail, please delete it 
immediately from your system and notify the sender of the wrong delivery 
and the mail deletion.

More information about the bind-users mailing list