DDNS and BIND question...

Kevin Darcy kcd at daimlerchrysler.com
Wed Jan 22 19:40:10 UTC 2003

Paco Orozco wrote:

>I've got a SERVER1 which is primary of domain.com. SERVER1 doesn't
>support DDNS. But I've delegated _msdcs, _tcp, _udp and _sites zones
>to SERVER2, a BIND server with DDNS support.
>DDNS clients are pointing to SERVER1.
>In this scenario it works well, but my question is...
>If SERVER1 was secondary of _msdcs, _tcp, _udp and _sites, and DDNS
>clients were pointing to it... Can they register DDNS records???? Will
>SERVER1 answer queries about _msdcs, _tcp, _udp and _sites? Will
>SERVER1 forward updates to SERVER2?

According to RFC 2136, Dynamic Update clients should by default use the
MNAME field of the containing zone's SOA record, in conjunction with the
zone's NS records, to determine where to send any given Dynamic Update
request. So, just because a client is "pointed to" a particular server
for name-resolution purposes doesn't necessarily have any bearing on
where it sends its Dynamic Updates.

It is possible, however, to override these defaults and force a Dynamic
Update to go to a particular server. Also, if the master is unavailable,
the client may fail over to one of the slaves. So it is possible for a
slave to receive a Dynamic Update request. Update forwarding is quite
broken in BIND 8. Supposedly (I haven't tried it) it works in BIND 9.
There is an "allow-update-forwarding" option in BIND 9, which defaults
to "none" (i.e. disabled). Note that if you are relying on source
addresses for Dynamic Update authentication and using update forwarding,
then you'll need to enforce that authentication on the slave "perimeter"
because all of the forwarded updates will appear from the master's point
of view to originate from the slaves' addresses.

                                                    - Kevin
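
The update-forwarding arrangement described in the reply above, as an added BIND 9 named.conf sketch that is not part of the original post. The IP addresses, file names and the ACL name `ddns-clients` are constructed for illustration; the zone name follows the thread's domain.com example, and only one of the four delegated zones is shown.

```conf
// ===== named.conf on the slave (SERVER1 in the thread) =====
// Assumption: DDNS clients live in this constructed subnet.
acl ddns-clients { 192.0.2.0/24; };

zone "_msdcs.domain.com" {
    type slave;
    masters { 198.51.100.10; };          // SERVER2, constructed address
    file "slave/_msdcs.domain.com.db";

    // Defaults to "none". This ACL is the only place where the original
    // client source address is still visible, so the source-address
    // check for forwarded updates has to be enforced here.
    allow-update-forwarding { ddns-clients; };
};

// ===== named.conf on the master (SERVER2 in the thread) =====
acl ddns-clients { 192.0.2.0/24; };

zone "_msdcs.domain.com" {
    type master;
    file "dynamic/_msdcs.domain.com.db";

    // Clients that follow the SOA MNAME update the master directly and
    // are matched by ddns-clients. Forwarded updates arrive with the
    // slave's source address, so the slave itself must be listed, and
    // the master then accepts whatever the slave chose to forward.
    allow-update {
        ddns-clients;
        198.51.100.20;                   // SERVER1, constructed address
    };
};
```

Using `allow-update-forwarding { any; };` on the slave together with the slave's address in the master's `allow-update` would let any source that can reach the slave update the zone, which is the gap the reply warns about.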
