Active Directory Integrated DNS( dynamic update behavior )
David Botham
dns at botham.net
Thu Jan 16 21:30:17 UTC 2003
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Barry Finkel
> Sent: Thursday, January 16, 2003 2:33 PM
> To: bind-users at isc.org
> Cc: rparasnis at clj.co.jp
> Subject: RE: Active Directory Integrated DNS( dynamic update behavior )
>
> "Rahul Parasnis" <rparasnis at clj.co.jp> replied to my posting:
>
> > For the rest of the zones, either I can define w2k as secondary or forward
> > those requests to bind DNS.
> > Is there any limit on defining secondary servers? (is it 20?)
A conventional limit is 13 name servers. This limit is due to the fact
that you can pack 13 NS records with glue records into a UDP packet of
less than 512 bytes. That way you do not trigger a truncation and hence a
TCP transfer of the NS RRset for your zone...
Dave...
>
> Why define the W2k server as a slave for the other zones? Which
> machines are going to use the W2k server as their DNS server? Almost
> all of the machines here are configured to use my BIND servers as
> their DNS servers; no machine (of which I am aware) is using the W2k DNS
> Server as its server. As everyone is using the BIND servers, I have
> to insure that I have the "_" zones on the BIND servers.
>
> I am not sure what you mean by "limit on defining secondary servers".
> You can have any number of slave servers for a given zone. There
> usually is no need for 1-4 slave servers. Note that if you have many
> slave servers for a zone, then there are many NS records in the zone,
> and a query might result in all of those NS records being placed in
> the AUTHORITY section of the DNS reply. That could cause the reply
> packet to exceed the size of a UDP packet, resulting in having to use
> TCP.
>
> --------
>
> > I tested the dynamic update to learn its behavior. Here is what I
> > understood; please correct me if I am wrong.
> >
> > If there is an A record, CNAME and PTR record for one client, and the A
> > record is different than the client FQDN (computer name): when the client
> > updates, it deletes this A record and PTR record and replaces them with
> > its FQDN name, but the old A record and CNAME record are not deleted.
> > I could see the log in db.domain.ixfr and reverse_lookup_zone_file.ixfr.
>
> Assuming these entries in DNS:
>
> AA IN A 1.2.3.4
> BB IN CNAME AA
> 1.2.3.4 IN PTR AA
>
> If a machine named AA at address 2.3.4.5 attempts self-registration
> and is successful, then these records will be in DNS, I believe:
>
> AA IN A 2.3.4.5
> BB IN CNAME AA
> 1.2.3.4 IN PTR AA
> 2.3.4.5 IN PTR AA
>
> The "A" record for AA will have been replaced, while the PTR record
for
> 2.3.4.5 will have been added. The CNAME record will have been left
> untouched.
>
> Given the initial scenario again -- if a machine named BB at address
> 2.3.4.5 attempts self-registration, then the initial request to
> register
>
> BB IN A 2.3.4.5
>
> will fail, because the DDNS packet has a pre-requisite check to insure
> that BB is not already a CNAME. Once this pre-req fails, I do not
> know what subsequent DDNS packets, if any, will be sent by the W2k computer
> attempting self-registration (either for the forward registration or
> for the reverse registration). I have never had this situation in my
> testing. Note that there is no CNAME pre-req test in the registration
> of the PTR record; there could be a CNAME in a reverse zone if one is
> using RFC 2317-style delegation of a piece of a subnet.
>
> --------
>
> > These two names are not cnames of the A-record that is dynamically
> > added.
> >
> >nslookup cname
> >Server: DNS Server
> >Address: IP Address
> >
> >Name: rparasnis.clj.co.jp
> >Address: IP Address
> >Aliases: cname.clj.co.jp
> >
> >there are following records now in DNS
> >A record for computername ( dynamically updated )
> >PTR record for computername ( dynamically updated )
> >A record (old ) which was existing before
> >CNAME records pointing to old A-record
> >
> >is my understanding correct ?
>
> I cannot tell from your example what was in DNS before the update, and
> what machine (at what address) sent the self-registration.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory
> 9700 South Cass Avenue
> Building 222, Room D209
> Argonne, IL 60439-4828
> Phone: +1 (630) 252-7277
> Facsimile: +1 (630) 252-4601
> Internet: BSFinkel at anl.gov
> IBMMAIL: I1004994
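The two self-registration scenarios Barry walks through above (AA re-registering at a new address, and BB trying to register while it is already a CNAME) can be reproduced with a small in-memory model of the RFC 2136 update steps. This is an added example, not code from the thread or from BIND; it uses the thread's constructed names and addresses, and it models the forward and reverse updates as independent packets because the thread leaves open what W2k sends after the forward prerequisite fails.

```python
# Added example: minimal model of RFC 2136 dynamic update with prerequisites.
# A zone maps owner name -> rtype -> set of rdata strings (constructed data).
from collections import defaultdict

class Zone:
    def __init__(self, records):
        self.rr = defaultdict(lambda: defaultdict(set))
        for name, rtype, rdata in records:
            self.rr[name][rtype].add(rdata)

    def records(self):
        """Flatten the zone into a sorted list of (name, rtype, rdata)."""
        return sorted((n, t, d) for n, types in self.rr.items()
                      for t, datas in types.items() for d in datas)

    def update(self, prereqs, changes):
        """One UPDATE message: every prerequisite must hold, else nothing
        in the update section is applied (the server would answer YXRRSET
        for a failed 'RRset does not exist' prerequisite)."""
        for kind, name, rtype in prereqs:
            exists = bool(self.rr.get(name, {}).get(rtype))
            if kind == "rrset-absent" and exists:
                return False
        for op, name, rtype, rdata in changes:
            if op == "delete-rrset":        # RFC 2136 "delete an RRset"
                self.rr[name].pop(rtype, None)
            elif op == "add":               # RFC 2136 "add to an RRset"
                self.rr[name][rtype].add(rdata)
        return True

def register_forward(zone, host, addr):
    """Client-style A registration: prerequisite that host is not a CNAME,
    then replace the whole A RRset with the new address."""
    return zone.update(
        prereqs=[("rrset-absent", host, "CNAME")],
        changes=[("delete-rrset", host, "A", None), ("add", host, "A", addr)])

def register_reverse(zone, host, addr):
    """PTR registration: no CNAME prerequisite, and the old PTR is left."""
    return zone.update(prereqs=[], changes=[("add", addr, "PTR", host)])

# Starting zone from the thread: AA has an A, BB is a CNAME to AA, one PTR.
INITIAL = [("AA", "A", "1.2.3.4"), ("BB", "CNAME", "AA"), ("1.2.3.4", "PTR", "AA")]

def scenario(host, addr):
    """Run both registrations for host; return (forward_ok, reverse_ok, zone)."""
    z = Zone(INITIAL)
    fwd = register_forward(z, host, addr)
    rev = register_reverse(z, host, addr)   # assumption: sent regardless of fwd
    return fwd, rev, z.records()
```

Running `scenario("AA", "2.3.4.5")` replaces AA's A record and adds the second PTR while the CNAME stays; `scenario("BB", "2.3.4.5")` leaves the forward zone unchanged because the CNAME prerequisite fails, while the PTR update, which carries no such prerequisite, still succeeds.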