Active Directory Integrated DNS (dynamic update behavior)

Barry Finkel b19141 at
Thu Jan 16 19:32:33 UTC 2003

"Rahul Parasnis" <rparasnis at> replied to my posting:

>For the rest of the zones, either I can define w2k as secondary or forward those
>requests to the BIND DNS.
>Is there any limit on defining secondary servers? (Is it 20?)

Why define the W2k server as a slave for the other zones?  Which 
machines are going to use the W2k server as their DNS server?  Almost
all of the machines here are configured to use my BIND servers as their
DNS servers; no machine (of which I am aware) is using the W2k DNS
Server as its server.  As everyone is using the BIND servers, I have to
insure that I have the "_" zones on the BIND servers.

I am not sure what you mean by "limit on defining secondary servers".
You can have any number of slave servers for a given zone.  There
usually is no need for 1-4 slave servers.  Note that if you have many 
slave servers for a zone, then there are many NS records in the zone,
and a query might result in all of those NS records being placed in
the AUTHORITY section of the DNS reply.  That could cause the reply
packet to exceed the size of a UDP packet, resulting in having to use


>I tested the dynamic update to learn its behavior. Here is what I understood;
>please correct me if I am wrong.
>If there is an A record, CNAME and PTR record for one client. The A record is
>different than the client FQDN (computer name). When the client updates, it
>deletes this A record and PTR record and replaces them with its FQDN name, but
>the old A record and CNAME record are not deleted.
>I could see the log in db.domain.ixfr and reverse_lookup_zone_file.ixfr.

Assuming these entries in DNS:

     AA  IN  A

If a machine named AA at address attempts self-registration and
is successful, then these records will be in DNS, I believe:

     AA  IN  A

The "A" record for AA will have been replaced, while the PTR record for will have been added.  The CNAME record will have been left

Given the initial scenario again -- if a machine named BB at address attempts self-registration, then the initial request to

     BB  IN  A

will fail, because the DDNS packet has a pre-requisite check to insure
that BB is not already a CNAME.  Once this pre-req fails, I do not know
what subsequent DDNS packets, if any, will be sent by the W2k computer
attempting self-registration (either for the forward registration or
for the reverse registration).  I have never had this situation in my
testing.  Note that there is no CNAME pre-req test in the registration
of the PTR record; there could be a CNAME in a reverse zone if one is
using RFC 2317-style delegation of a piece of a subnet.


>These two names are not CNAMEs of the A record that is dynamically added.
>nslookup cname
>Server:  DNS Server
>Address:  IP Address
>Address:  IP Address
>There are the following records now in DNS:
>A record for computername (dynamically updated)
>PTR record for computername (dynamically updated)
>A record (old) which was existing before
>CNAME records pointing to the old A record
>Is my understanding correct?

I cannot tell from your example what was in DNS before the update, and
what machine (at what address) sent the self-registration.
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at
Argonne, IL   60439-4828             IBMMAIL:  I1004994
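As an added illustration (not code from this post, from BIND, or from the W2k client), the following toy in-memory model shows the RFC 2136 prerequisite behaviour described above: the forward registration carries a "CNAME RRset does not exist" prerequisite and is rejected with YXRRSET when the name is already a CNAME, leaving the zone untouched, while the PTR registration carries no such prerequisite. The zone contents, names and addresses are constructed; the helper names are hypothetical.

```python
# Toy model of RFC 2136 prerequisite (section 3.2) and update (section 3.4)
# processing in an in-memory zone. Constructed data; not BIND's code.
from collections import defaultdict

YXRRSET = "YXRRSET"   # RFC 2136 rcode: an RRset that had to be absent exists
NOERROR = "NOERROR"


def make_zone():
    """Constructed zone: AA has an A record, BB is a CNAME pointing at AA."""
    zone = defaultdict(dict)              # name -> {rdtype: set(rdata)}
    zone["AA"]["A"] = {"192.0.2.10"}
    zone["BB"]["CNAME"] = {"AA"}
    return zone


def dns_update(zone, prereqs, updates):
    """Evaluate every prerequisite first; only if all hold apply the updates.
    prereqs: list of ("absent", name, rdtype)  -> fails if that RRset exists.
    updates: list of ("delete_rrset"|"add", name, rdtype, rdata)."""
    for kind, name, rdtype in prereqs:
        if kind == "absent" and rdtype in zone.get(name, {}):
            return YXRRSET                # whole update rejected, nothing applied
    for kind, name, rdtype, rdata in updates:
        if kind == "delete_rrset":
            zone[name].pop(rdtype, None)  # removes only that RRset; other types stay
        elif kind == "add":
            zone[name].setdefault(rdtype, set()).add(rdata)
    return NOERROR


def self_register(zone, host, addr):
    """Forward registration as the post describes it: refuse if the host name
    is a CNAME, otherwise replace the A RRset with the client's address."""
    return dns_update(zone,
                      prereqs=[("absent", host, "CNAME")],
                      updates=[("delete_rrset", host, "A", None),
                               ("add", host, "A", addr)])


def register_ptr(zone, revname, host):
    """Reverse registration: no CNAME prerequisite, as noted in the post."""
    return dns_update(zone, prereqs=[],
                      updates=[("delete_rrset", revname, "PTR", None),
                               ("add", revname, "PTR", host)])
```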
