bind vs. MS DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Jun 17 15:44:59 UTC 2004


Kevin Darcy (I believe) responded to a posting:
 
>>>>Now, if you want to make secure Dynamic 
>>>>Updates directly from Win2K (or Win2K3) clients to the DNS of your main 
>>>>domain, then you're not going to be able to use BIND for that. But
>>>>technically that's not an Active Directory function; it's a Win2K* 
>>>>function, and one that many folks find to be not worth the resources it 
>>>>consumes. Depends on what you're trying to achieve.
 
and Robert Lowe <Robert.H.Lowe at lawrence.edu> replied:

>>>We turn off DDNS in all of our client images.  Client-initiated dynamic
>>>updates are a bad idea anyway.  We use TSIG signed updates from ISC's
>>>DHCP server for the few zones where we do DDNS.  DHCP is probably
>>>another aspect of this discussion regarding migration too.  :-(
 
and I replied:

>> We attempt to turn off DDNS on all our W2k machines.  But DCs need
>> self-registration enabled in order for the DC to register its SRV
>> records.

and Robert Lowe <Robert.H.Lowe at lawrence.edu> replied:

>No, this can be turned off.  See the MS article I referenced earlier.
>So that the archives pick it up, I'll insert the first part of the
>appropriate section below, and a piece regarding Windows Server 2003.

I believe that if one takes a DC and turns off self-registration in
TCP/IP properties, then that DC will NOT register its SRV records in
DNS.  I believe that the registry setting referenced in MS article 

     816592 HOW TO: Configure DNS dynamic update in Windows 2003

affects whether the DC will do DDNS for the SRV records or will produce
a netlogon.dns file (that can be $INCLUDEd into a BIND zone file, as
I did in my initial W2k DNS testing).

In my setup I want each DC to register its SRV records dynamically in
my MS W2k+3 DNS Server, but I do NOT want the DCs to do DDNS
self-registration, which I do not allow on my BIND servers.  If I
disable self-registration, then I disable SRV DDNS at the same time.

We have an open trouble ticket with MS on a related issue (EventID
40961), and I will suggest to MS that they decouple self-registration
and registration of SRV records.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
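
As an added illustration of the arrangement this thread describes (TSIG-signed
updates from the ISC DHCP server into a dynamic BIND zone, no client
self-registration, and the DCs' SRV records $INCLUDEd from netlogon.dns into a
static zone), here is an example configuration.  It is not from the original
post, from ISC, or from Microsoft.  The zone names, addresses, key name, file
paths and serial are assumptions, and the secret is a placeholder.

```conf
# ---- named.conf (BIND 9) on the authoritative server ----
# Shared secret used only by the ISC DHCP server.  Generate one with
#   dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-update
# (hmac-sha256 where both sides support it) and paste the Key: line here.
key "dhcp-update" {
    algorithm hmac-md5;
    secret "REPLACE-WITH-BASE64-SECRET==";   # placeholder, not a real key
};

# Dynamic zones: only updates signed with the DHCP server's key are accepted.
# Nothing is granted to the W2k clients, so their self-registration attempts
# are answered REFUSED.  TXT is granted because dhcpd's interim style stores
# a client-identifier hash in a TXT record beside each A record.
zone "dhcp.example.edu" {
    type master;
    file "dynamic/dhcp.example.edu";
    update-policy {
        grant dhcp-update subdomain dhcp.example.edu A TXT;
    };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "dynamic/1.168.192.in-addr.arpa";
    update-policy {
        grant dhcp-update subdomain 1.168.192.in-addr.arpa PTR;
    };
};

# Static AD zone: no dynamic updates at all.  The DC SRV records come from
# a copy of each DC's netlogon.dns, so nothing on the network can alter them.
zone "ad.example.edu" {
    type master;
    file "static/ad.example.edu";
    allow-update { none; };
};

# ---- static/ad.example.edu (zone file) ----
# $TTL 600
# @    IN SOA ns1.example.edu. hostmaster.example.edu. (
#          2004061701 3600 900 604800 600 )   ; bump serial after each refresh
#      IN NS  ns1.example.edu.
# dc1  IN A   192.168.1.10
# ; Records copied from the DC's %SystemRoot%\System32\config\netlogon.dns.
# ; Owner names in that file are fully qualified (trailing dot), so $ORIGIN
# ; does not matter.  It also carries the A record for the zone apex
# ; (the LdapIpAddress record), so do not add that by hand as well.
# $INCLUDE "static/netlogon-dc1.dns"

# ---- dhcpd.conf (ISC DHCP) ----
# ddns-update-style interim;
# ddns-updates on;
# ignore client-updates;      # the server does all updates; client FQDN
#                             # requests are not honoured
# key dhcp-update {
#     algorithm hmac-md5;
#     secret "REPLACE-WITH-BASE64-SECRET==";   # same placeholder as above
# }
# zone dhcp.example.edu. {
#     primary 192.168.1.2;    # assumed address of the BIND master
#     key dhcp-update;
# }
# zone 1.168.192.in-addr.arpa. {
#     primary 192.168.1.2;
#     key dhcp-update;
# }
# subnet 192.168.1.0 netmask 255.255.255.0 {
#     range 192.168.1.100 192.168.1.200;
#     option domain-name "dhcp.example.edu";
#     ddns-domainname "dhcp.example.edu";
# }
```

Check the result with named-checkconf and named-checkzone ad.example.edu
static/ad.example.edu after every refresh of the netlogon.dns copy, and
remember that the $INCLUDEd file does not bump the SOA serial for you.  To
confirm that self-registration really is blocked, run nsupdate from an
ordinary client without the key and add an A record under dhcp.example.edu:
the server should answer "update failed: REFUSED", while the same update
sent with nsupdate -k using the dhcp-update key succeeds.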


