resolving a second zone!

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Mar 19 15:29:05 UTC 2004


Barry Margolin <barmar at alum.mit.edu> wrote:

>Active Directory zones change very frequently in many environments, so 
>it's easy for slave zones to be out of date much of the time.  If you 
>want better reliability, it's probably better to recurse to the real AD 
>servers rather than slaving.

I have one forward and five reverse zones on my W2k+3 DNS Server,
all under the control of MS DHCP.  I have no problems with immediate
AXFR/IXFR of the data to my BIND DNS slave servers.  With respect to the
"_" zones, once a DC is enabled and its SRV records are registered in 
DNS, I see very little DDNS activity on the zones.  I do not know if
the ANL AD setup is typical; I have about 13 AD sub-domains.  The 
serial number in my _msdcs.anl.gov zone (which contains CNAMEs for
all the AD DCs), has gone from 65843 to 65885 (+42) from Jan 01 until
Mar 19 (79 days).  That is less than one update per day.  I know that
the DCs will re-register their SRV records periodically, but if one
is running a fairly new build level of dns.exe, then those
re-registrations, which the MS W2k DNS treats as NO-OPs, will not
increment the zone serial number.  This fix was from early 2002.

Before we installed W2k and AD, all of my clients (Windows, Unix, Macs, 
VAXen, etc.) were configured to use my BIND servers as DNS servers.
When we installed W2k, we did not change any of those clients to use
the W2k DNS Server.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
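The thread above turns on one operational question: are the BIND slaves actually carrying the current serial of the AD-managed zone, or have they fallen behind? Below is an added example, not part of Barry Finkel's post or of BIND itself, that compares the SOA serial seen on the master with the serial each slave answers with. It assumes the single-line output format of `dig +short SOA <zone> @<server>` (mname, rname, serial, refresh, retry, expire, minimum) and compares serials with RFC 1982 wrap-around arithmetic rather than plain integer comparison, so it stays correct if a zone's serial ever wraps past 2^32. The server names and the dig output in `SAMPLE_DIG_OUTPUT` are constructed for the example.

```python
"""Check whether BIND slaves of an AD-managed zone are in step with the master.

Added example; not code from the original post or from BIND.  Assumes the
one-line form that `dig +short SOA <zone> @<server>` prints:
    mname rname serial refresh retry expire minimum
"""
import subprocess
from typing import Dict, Optional

SERIAL_MOD = 2 ** 32   # SOA serials are unsigned 32-bit
HALF = 2 ** 31         # RFC 1982 comparison window

# Constructed sample answers, keyed by server name (hypothetical hosts).
# ns3 returned no answer (e.g. REFUSED or timed out), so its output is empty.
SAMPLE_DIG_OUTPUT = {
    "ad-master": "dc1.ad.example.test. hostmaster.ad.example.test. 65885 900 600 86400 3600\n",
    "ns1": "dc1.ad.example.test. hostmaster.ad.example.test. 65885 900 600 86400 3600\n",
    "ns2": "dc1.ad.example.test. hostmaster.ad.example.test. 65843 900 600 86400 3600\n",
    "ns3": "",
}


def parse_soa_serial(dig_short_output: str) -> Optional[int]:
    """Return the serial (third field) from `dig +short SOA` output.

    Returns None when the answer is empty or not a well-formed SOA line,
    which is what you get on SERVFAIL, REFUSED or a timeout.
    """
    for line in dig_short_output.splitlines():
        fields = line.split()
        if len(fields) == 7 and fields[2].isdigit():
            return int(fields[2])
    return None


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: is serial a 'greater than' serial b, modulo 2^32?

    Plain `a > b` is wrong once a serial wraps; 5 must count as newer
    than 4294967290.
    """
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def serial_distance(newer: int, older: int) -> int:
    """Number of increments from `older` up to `newer`, modulo 2^32."""
    return (newer - older) % SERIAL_MOD


def compare_zone(master_serial: int,
                 slave_serials: Dict[str, Optional[int]]) -> Dict[str, str]:
    """Classify each slave relative to the master's serial.

    'ahead' is reported separately because a slave that is ahead of the
    master is not lagging; it is pointed at the wrong master or was hand-edited.
    """
    report: Dict[str, str] = {}
    for name, serial in slave_serials.items():
        if serial is None:
            report[name] = "no answer"
        elif serial == master_serial:
            report[name] = "in sync"
        elif serial_gt(master_serial, serial):
            report[name] = "behind by %d" % serial_distance(master_serial, serial)
        else:
            report[name] = "ahead by %d" % serial_distance(serial, master_serial)
    return report


def check_from_outputs(outputs: Dict[str, str], master: str) -> Dict[str, str]:
    """Run the comparison over already-captured dig output (offline path)."""
    master_serial = parse_soa_serial(outputs[master])
    if master_serial is None:
        raise RuntimeError("master %s returned no usable SOA" % master)
    slaves = {n: parse_soa_serial(o) for n, o in outputs.items() if n != master}
    return compare_zone(master_serial, slaves)


def query_soa_serial(zone: str, server: str, timeout: int = 5) -> Optional[int]:
    """Live path: ask one server for the zone's SOA.  Not used offline."""
    proc = subprocess.run(
        ["dig", "+short", "+time=%d" % timeout, "+tries=1", "SOA", zone, "@" + server],
        capture_output=True, text=True, check=False)
    return parse_soa_serial(proc.stdout)


if __name__ == "__main__":
    for server, status in check_from_outputs(SAMPLE_DIG_OUTPUT, "ad-master").items():
        print("%-10s %s" % (server, status))
```

Run it as-is to see the constructed scenario (ns1 current, ns2 42 serials behind, ns3 silent); point `query_soa_serial` at your own master and slaves for a live check. A slave that is persistently behind while the master's serial keeps moving is the symptom Barry Margolin describes; a slave that is "ahead" is misconfigured and worth a look on its own.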