Bind 9.1 As SOA with Windows 2003 DNS Server

Kevin Darcy kcd at
Wed Oct 11 00:38:11 UTC 2006

Skywalker wrote:
> I think I found the answer.  Our basic problem is that we are using the
> same domain name ( for internal and external use.  I read
> an article about split-brain DNS from Microsoft.  We would have an
> external DNS server that is authoritative for the zone and an internal
> DNS server that is authoritative for the same zone name.  This
> method would not expose our internal computers to the outside.  The
> internal DNS server could perform forward lookups to the external DNS
> server.  The internal computer could therefore perform dynamic DNS
> updates to the internal DNS server.  Does this make sense?

No, not really. Your problem, as you previously reported it, was that 
Dynamic Updates weren't being made to your Microsoft DNS server unless 
that server was defined as the "SOA" for the zone (still not 100% sure 
what you mean by that term). So what bearing does it have on your 
problem whether a particular hosted instance of a zone is designated as 
"internal" or "external"? In my last response, I implicitly invited you 
to either a) change the MNAME field of the zone's SOA RR to refer to 
your Microsoft DNS server (assuming that you were equating "SOA" with 
the MNAME field thereof), or at least b) double-check that there is an 
NS record at the apex of the zone referring to your Microsoft server. If 
neither of those things is true, then the client has no way of knowing 
that the Microsoft server is an available target for its Dynamic 
Updates, so you shouldn't be surprised that the Dynamic Updates are 
never processed.

      - Kevin

P.S. This is a BIND-oriented list, so we're getting a little off-topic 
when talking about how Microsoft-OS Dynamic Update clients talk to a 
Microsoft DNS server. You might be better off taking this to a 
Microsoft-specific list.
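
The check described in the reply above, as an added example that is not part of the original post: it collects the servers a Dynamic Update client can learn of from the zone apex (the SOA MNAME and the apex NS records) and tests whether a given server is among them. The zone data, all host names, the one-record-per-line `owner ttl class type rdata` layout and the MNAME-first ordering are assumptions made for illustration.

```python
# Constructed apex records for a hypothetical zone; every name is a placeholder.
SAMPLE_ZONE = """\
example.test.     3600 IN SOA ns1.example.test. hostmaster.example.test. 2006101001 3600 600 604800 3600
example.test.     3600 IN NS  ns1.example.test.
example.test.     3600 IN NS  ns2.example.test.
www.example.test. 3600 IN A   192.0.2.10
"""


def norm(name):
    """Lower-case a domain name and make it fully qualified for comparison."""
    return name.lower().rstrip(".") + "."


def update_targets(zone_text, zone):
    """Return the servers advertised at the zone apex as possible update targets.

    The SOA MNAME is listed first, followed by apex NS targets not already
    listed (ordering is an assumption of this example).
    """
    zone = norm(zone)
    mname, ns_targets = None, []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        # Only class IN records owned by the zone apex are relevant.
        if len(fields) < 5 or norm(fields[0]) != zone or fields[2].upper() != "IN":
            continue
        rtype = fields[3].upper()
        if rtype == "SOA":
            mname = norm(fields[4])  # first SOA rdata field is the MNAME
        elif rtype == "NS":
            ns_targets.append(norm(fields[4]))
    targets = [mname] if mname else []
    targets += [n for n in ns_targets if n not in targets]
    return targets


def can_receive_updates(zone_text, zone, server):
    """True if the server is named by the SOA MNAME or by an apex NS record."""
    return norm(server) in update_targets(zone_text, zone)


if __name__ == "__main__":
    print(update_targets(SAMPLE_ZONE, "example.test"))
    # msdns.example.test stands in for the Microsoft DNS server.
    print(can_receive_updates(SAMPLE_ZONE, "example.test", "msdns.example.test"))
```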
