Leases on Dynamic Updates?

Chris Buxton cbuxton at menandmice.com
Fri Feb 1 22:55:19 UTC 2008


Microsoft's implementation does not give identical IXFRs from
different DCs. You cannot list multiple DCs in your masters
statement and expect things to work right unless you use the
multi-master option.

And even the IXFRs from a particular DC cannot be 100% relied on -
you need to use AXFR requests from your BIND slave in order to
reliably get to a complete copy of the zone. The solution I've seen
is, once per day or so, stop the slave, get an AXFR with dig, and
restart the slave. This can be done via cron, of course, but it's
hardly ideal.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com




On Feb 1, 2008, at 2:45 PM, Barry Finkel wrote:

> Danny wrote:
>
>> Don't be taken in by Microsoft's design. Look how difficult it was for
>> them to get the SOA serial number to work correctly with their AD
>> multimaster DNS.
>
> Does the MS design really work with multi-master?  I have three DCs,
> but I treat only ONE as the master for my BIND slaves.  I don't know
> of anyone who has more than one DC master for BIND slaves, but I have
> not done an exhaustive survey.  As far as I can tell, even after
> reading 282826 I cannot see any way for MS to get serial numbers
> correct.
>
> Given two identical copies of an AD-integrated zone (serial number 1),
> and given two different DDNS updates to that zone, each one sent to a
> different DC.  What is the new serial number for the zone?
>
> It cannot be 2, as each DC has serial number 2 after the DDNS updates,
> and each DC has a different copy of the zone.
>
> It cannot be 3 (for the zone with both updates applied), as there could
> have been a new DDNS update to the zone sent to one of the DCs before
> the initial updates had been cross-integrated.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
>
>
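
The daily workaround described in the reply above (stop the slave, get an AXFR with dig, restart the slave), written as a cron-callable shell script; this is an added example, not code from the thread. The zone name, master address, file path, start command and journal removal are assumptions, and it assumes the slave keeps its zone file in text format.

```shell
#!/bin/sh
# Added example (not from the thread). ZONE, MASTER, ZONEFILE and NAMED_START
# are placeholders; adjust them for the local install.
ZONE="${ZONE:-example.test}"
MASTER="${MASTER:-192.0.2.10}"            # the single DC used as master
ZONEFILE="${ZONEFILE:-/var/named/slaves/example.test.db}"
NAMED_START="${NAMED_START:-named -u named}"

# A complete AXFR begins and ends with the same SOA record. Returns 0 only if
# the first and last records in file $1 are SOA records with equal serials.
axfr_is_complete() {
    awk '
        /^[ \t]*(;|$)/ { next }   # skip dig comment lines and blank lines
        {
            n++
            # dig prints: name ttl class SOA mname rname serial ...
            serial = ($4 == "SOA") ? $7 : ""
            if (n == 1) s_first = serial
            s_last = serial
        }
        END { exit !(n >= 2 && s_first != "" && s_first == s_last) }
    ' "$1"
}

# Transfer first, validate, and only then stop the slave and swap the file,
# so a failed or truncated transfer never replaces the working copy.
refresh_zone() {
    tmp=$(mktemp "${ZONEFILE}.XXXXXX") || return 1
    if dig @"$MASTER" "$ZONE" AXFR > "$tmp" && axfr_is_complete "$tmp"; then
        pid=$(rndc stop -p | awk '{ print $NF }')   # -p reports the pid of named
        while kill -0 "$pid" 2>/dev/null; do sleep 1; done   # wait for exit
        mv "$tmp" "$ZONEFILE"
        rm -f "${ZONEFILE}.jnl"   # assumption: old journal no longer matches
        $NAMED_START
    else
        echo "AXFR of $ZONE from $MASTER incomplete; zone file untouched" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Run only when asked to, e.g. from cron: refresh-zone.sh --run
if [ "${1:-}" = "--run" ]; then
    refresh_zone
fi
```

The content check matters because the script does not rely on dig's exit status alone: a transfer that ends early or reports `; Transfer failed.` leaves a file that does not end in the opening SOA.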


