bind vs. MS DNS
Barry Finkel
b19141 at achilles.ctd.anl.gov
Thu Jun 17 15:44:59 UTC 2004
Kevin Darcy (I believe) responded to a posting:
>>>>Now, if you want to make secure Dynamic
>>>>Updates directly from Win2K (or Win2K3) clients to the DNS of your main
>>>>domain, then you're not going to be able to use BIND for that. But
>>>>technically that's not an Active Directory function; it's a Win2K*
>>>>function, and one that many folks find to be not worth the resources it
>>>>consumes. Depends on what you're trying to achieve.
and Robert Lowe <Robert.H.Lowe at lawrence.edu> replied:
>>>We turn off DDNS in all of our client images. Client-initiated dynamic
>>>updates is a bad idea anyway. We use TSIG signed updates from ISC's
>>>DHCP server for the few zones where we do DDNS. DHCP is probably
>>>another aspect of this discussion regarding migration too. :-(
and I replied:
>> We attempt to turn off DDNS on all our W2k machines. But DCs need
>> self-registration enabled in order for the DC to register its SRV
>> records.
and Robert Lowe <Robert.H.Lowe at lawrence.edu> replied:
>No, this can be turned off. See the MS article I referenced earlier.
>So that the archives pick it up, I'll insert the first part of the
>appropriate section below, and a piece regarding Windows Server 2003.
I believe that if one takes a DC and turns off self-registration in
TCP/IP properties, then that DC will NOT register its SRV records in
DNS. I believe that the registry setting referenced in MS article
816592 HOW TO: Configure DNS dynamic update in Windows 2003
affects whether the DC will do DDNS for the SRV records or will produce
a netlogon.dns file (that can be $INCLUDEd into a BIND zone file, as
I did in my initial W2k DNS testing).

In my setup I want each DC to register its SRV records dynamically in
my MS W2k+3 DNS Server, but I do NOT want the DCs to do DDNS
self-registration, which I do not allow on my BIND servers. If I
disable self-registration, then I disable SRV DDNS at the same time.

We have an open trouble ticket with MS on a related issue (EventID
40961), and I will suggest to MS that they decouple self-registration
and registration of SRV records.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
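
Added example, not part of the original post and not Microsoft's or ISC's code: a Python check that could be run on a DC-generated netlogon.dns file before it is $INCLUDEd into a BIND zone, as the message describes. The zone name, host names, and sample records are constructed, and the `owner TTL IN TYPE rdata` line layout is an assumption about the file.

```python
# Constructed sample, assuming the "owner TTL IN TYPE rdata" layout for netlogon.dns.
SAMPLE = """\
example.com. 600 IN A 192.0.2.10
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_ldap._tcp.other.test. 600 IN SRV 0 100 389 dc1.example.com.
_gc._tcp.example.com. 600 IN SRV 0 100 3268 rogue.example.net.
www.example.com. 600 IN TXT "unexpected"
"""

# Record types this check lets through (an assumption, adjust per site policy).
ALLOWED_TYPES = {"A", "AAAA", "CNAME", "SRV"}

def in_zone(name, zone):
    """True if name equals the zone apex or is a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def check_netlogon(text, zone, known_dcs):
    """Return (accepted_lines, problems) for a netlogon.dns body."""
    accepted, problems = [], []
    dcs = {d.lower().rstrip(".") for d in known_dcs}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and zone-file comments
        parts = line.split()
        if len(parts) < 5 or not parts[1].isdigit() or parts[2].upper() != "IN":
            problems.append((n, "unparsable record"))
            continue
        owner, rtype, rdata = parts[0], parts[3].upper(), parts[4:]
        if rtype not in ALLOWED_TYPES:
            problems.append((n, f"unexpected type {rtype}"))
        elif not in_zone(owner, zone):
            problems.append((n, f"owner {owner} outside zone {zone}"))
        elif rtype == "SRV" and (len(rdata) != 4 or not all(x.isdigit() for x in rdata[:3])):
            problems.append((n, "malformed SRV rdata"))
        elif rtype == "SRV" and rdata[3].lower().rstrip(".") not in dcs:
            problems.append((n, f"SRV target {rdata[3]} is not a known DC"))
        else:
            accepted.append(line)
    return accepted, problems

if __name__ == "__main__":
    ok, bad = check_netlogon(SAMPLE, "example.com", ["dc1.example.com"])
    print(f"{len(ok)} records accepted")
    for n, why in bad:
        print(f"line {n}: {why}")
```

Only the accepted lines would be written to the file that the zone $INCLUDEs; anything reported as a problem is left out for a person to review.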