DDNS and allow-update declarations

Jonathan Petersson jpetersson at garnser.se
Wed Dec 10 17:42:55 UTC 2008


I did some testing with this a couple of months ago and it seems like AD is
following the NS directive in the SOA.

The design I used in my test case was to put AD as an authoritative updater
of the specified zone on my master; once updated, the BIND master was
responsible for updating the slaves.

Something you can do is add NS records in AD pointing at your BIND
slave servers for the zone, and vice versa configure your slaves to have the
AD as master for the zone. What I've experienced is that updates of new
records tend to be REALLY slow, thus I would go with the first option.

/Jonathan

On Wed, Dec 10, 2008 at 8:17 AM, Nicholas F Miller <Nicholas.Miller at colorado.edu> wrote:

> I have a couple of questions regarding how a Microsoft domain controller
> updates a dynamic zone.
>
> 1) When a domain controller tries to update the zone, does it try the DNS
> servers it has listed in its network settings or does it follow the SOA for
> the zone?
>
> 2) In the configs below, does the slave server's IP need to be listed in the
> allow-update declaration on the master zone server?
>
> Master Server - 1.2.3.4
>
> zone "actived.example.com" {
>        type master;
>        file "named.ad";
>        allow-update {
>                1.2.3.4;        // master DNS server
>                11.22.33.44;         // domain controller 1
>                55.66.77.88.99;         // domain controller 2
>                };
>        allow-transfer {
>                5.6.7.8;        // slave DNS server
>                };
> };
>
> Slave Server - 5.6.7.8
>
> zone "actived.example.com" {
>        type slave;
>        file "named.ad";
>        allow-update-forwarding {
>                11.22.33.44;         // domain controller 1
>                55.66.77.88.99;         // domain controller 2
>                };
>        allow-transfer { none; };
>        masters {
>                1.2.3.4;        // master DNS server
>        };
> };
>
> Thanks,
> ________________________________________________________
> Nicholas Miller, ITS, University of Colorado at Boulder
>
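
A small check for address-list mistakes that are easy to miss in zone blocks like the ones quoted above, as an added example that is not part of the original thread or of BIND. The function names and the sample text are constructed for illustration, and the check assumes the lists hold only literal addresses or prefixes, the built-in keywords, or `key` entries (named `acl` references are not resolved).

```python
import ipaddress
import re

# Constructed sample modeled on the zone quoted above (not a live config).
SAMPLE = '''
zone "actived.example.com" {
    type master;
    allow-update {
        1.2.3.4;            // master DNS server
        11.22.33.44;        // domain controller 1
        55.66.77.88.99;     // domain controller 2
    };
    allow-transfer {
        5.6.7.8 // slave DNS server;
    };
};
'''

ACL_RE = re.compile(
    r'\b(allow-update-forwarding|allow-update|allow-transfer|masters)\s*\{([^{}]*)\}')
KEYWORDS = {"any", "none", "localhost", "localnets"}

def strip_comments(text):
    """Drop /* */, // and # comments, which named.conf ignores."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def audit_acls(conf):
    """Return (statement, element, problem) tuples for simple address lists."""
    findings = []
    for stmt, body in ACL_RE.findall(strip_comments(conf)):
        *elements, tail = body.split(';')
        if tail.strip():
            # Text after the last ';' means an element was never terminated,
            # for example because its ';' sits inside a trailing comment.
            findings.append((stmt, tail.strip(), "missing ';'"))
            elements.append(tail)
        for raw in elements:
            elem = raw.strip().lstrip('!').strip()
            if not elem or elem in KEYWORDS or elem.startswith('key '):
                continue
            try:
                ipaddress.ip_network(elem, strict=False)
            except ValueError:
                findings.append((stmt, elem, "not an IP address or prefix"))
    return findings

if __name__ == "__main__":
    for finding in audit_acls(SAMPLE):
        print(finding)
```

BIND's own `named-checkconf` remains the authoritative syntax check; this sketch only shows why a five-octet entry and a semicolon placed after `//` both leave an access list different from what was intended.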