Active Directory Integrated DNS( dynamic update behavior )

David Botham dns at
Thu Jan 16 21:30:17 UTC 2003

> -----Original Message-----
> From: bind-users-bounce at [mailto:bind-users-bounce at] On
> Behalf Of Barry Finkel
> Sent: Thursday, January 16, 2003 2:33 PM
> To: bind-users at
> Cc: rparasnis at
> Subject: RE: Active Directory Integrated DNS( dynamic update behavior
> "Rahul Parasnis" <rparasnis at> replied to my posting:
> >For rest of zones either I can define w2k as secondary or forward
> >requests to bind DNS .
> >is there any limit on defining secondary servers ? ( is it 20 )

A conventional limit is 13 name servers.  This limit is due to the fact
you can pack 13 NS records with glue records into a UDP packet less than
512 bytes.  That way you do not trigger a truncation and hence a TCP
transfer of the NS RRset for your zone...


> Why define the W2k server as a slave for the other zones?  Which
> machines are going to use the W2k server as their DNS server?  Almost
> all of the machines here are configured to use my BIND servers as
> DNS servers; no machine (of which I am aware) is using the W2k DNS
> Server as its server.  As everyone is using the BIND servers, I have
> insure that I have the "_" zones on the BIND servers.
> I am not sure what you mean by "limit on defining secondary servers".
> You can have any number of slave servers for a given zone.  There
> usually is no need for 1-4 slave servers.  Note that if you have many
> slave servers for a zone, then there are many NS records in the zone,
> and a query might result in all of those NS records being placed in
> the AUTHORITY section of the DNS reply.  That could cause the reply
> packet to exceed the size of a UDP packet, reulting in having to use
> TCP.
> --------
> >I tested the dynamic update to learn it's behavior . Here is what
> understood
> >please correct me if I am wrong .
> >
> >If there is A record, CNAME and PTR  record for one client . A record
> >different than the Client FQDN ( computer name ). When client updates
> it
> >deletets this A record and PTR record and replaces with it's FQDN
> but
> >the old A record and CNAME resord is not deleted .
> >I could see the log in db.domain.ixfr and
reverse_lookup_zone_file.ixfr .
> Assuming these entries in DNS:
>      AA  IN  A
>      BB  IN  CNAME  AA
>  IN  PTR  AA
> If a machine named AA at address attempts self-registration
> is successful, then these records will be in DNS, I believe:
>      AA  IN  A
>      BB  IN  CNAME  AA
>  IN  PTR  AA
>  IN  PTR  AA
> The "A" record for AA will have been replaced, while the PTR record
> will have been added.  The CNAME record will have been left
> untouched.
> Given the initial scenario again -- if a machine named BB at address
> attempts self-registration, then the initial request to
> register
>      BB  IN  A
> will fail, because the DDNS packet has a pre-requisite check to insure
> that BB is not already a CNAME.  Once this pre-req fails, I do not
> what subsequent DDNS packets, if any, will be sent by the W2k computer
> attempting self-registration (either for the forward registration or
> for the reverse registration).  I have never had this situation in my
> testing.  Note that there is no CNAME pre-req test in the registration
> of the PTR record; there could be a CNAME in a reverse zone if one is
> using RFC 2317-style delegation of a piece of a subnet.
> --------
> >These two names are not cnames of the A-record that is dynamically
> .
> >
> >nslookup cname
> >Server:  DNS Server
> >Address:  IP Address
> >
> >Name:
> >Address:  IP Address
> >Aliases:
> >
> >there are following records now in DNS
> >A record for computername ( dynamically updated )
> >PTR record for computername ( dynamically updated )
> >A record (old ) which was existing before
> >CNAME records pointing to old A-record
> >
> >is my understanding correct ?
> I cannot tell from your example what was in DNS before the update, and
> what machine (at what address) sent the self-registration.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at
> Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list