Monitoring Zonefiletransfer

Barry S. Finkel bsfinkel at att.net
Wed Feb 19 15:01:49 UTC 2014


>> A few problems I discovered:
>> >- sometimes have a higher serial than all masters have, is this normal on
>> >an AD DNS? or am I doing something wrong I thought this could not happen.

> 	Only transfer from one AD master.  Microsoft AD doesn't maintain
> 	consistent serials across the servers.  The serials should be
> 	monotonically increasing from an individual server.
>

And when I had BIND slaves for AD masters, when patches were being
applied to the Domain Controllers (i.e., the ONE DC that I had
selected as a master), a zone serial number would decrease.  In most
(but not all) cases, after the DC patching was finished, the zone
serial number would go back to "normal".  I was not allowed to open a
trouble ticket with Microsoft.  Every morning at 7AM I ran a cron to
capture the zone serial numbers on all of the 44+ AD zones on all my
BIND DNS servers.

(I just realized that in my post about a half-hour ago on this
subject, I had forgotten to change the "Subject:" line from the
digest).

--Barry Finkel
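
The daily serial capture described in the message above can be checked automatically. The following is an added example, not part of the original post and not the author's cron job: it compares two snapshots with RFC 1982 serial arithmetic and reports serials that went backwards on a server, plus slaves holding a higher serial than the chosen master. The "server zone serial" snapshot format, the host and zone names, and the serial values are constructed assumptions.

```python
# Added example (not from the original post): flag SOA serial anomalies
# between two daily snapshots. Snapshot format and names are assumptions.
MOD = 1 << 32
HALF = 1 << 31

# Constructed sample data: "server zone serial", one line per capture.
YESTERDAY = """
dc1.example.test corp.example.test 5120
ns1.example.test corp.example.test 5120
dc1.example.test _msdcs.corp.example.test 880
ns1.example.test _msdcs.corp.example.test 880
"""
TODAY = """
dc1.example.test corp.example.test 5104
ns1.example.test corp.example.test 5120
dc1.example.test _msdcs.corp.example.test 881
ns1.example.test _msdcs.corp.example.test 881
"""

def serial_cmp(a, b):
    """RFC 1982 compare: -1 if a < b, 0 if equal, 1 if a > b, None if undefined."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1

def parse_snapshot(text):
    snap = {}
    for line in text.split("\n"):
        if line.strip():
            server, zone, serial = line.split()
            snap[(server, zone.lower().rstrip("."))] = int(serial)
    return snap

def find_regressions(prev, curr):
    """Serials that went backwards on the same server since the last capture."""
    return [(s, z, prev[(s, z)], new) for (s, z), new in sorted(curr.items())
            if (s, z) in prev and serial_cmp(new, prev[(s, z)]) in (-1, None)]

def ahead_of_master(snap, master):
    """Slaves holding a serial greater than the chosen master's for a zone."""
    return [(s, z, snap[(master, z)], ser) for (s, z), ser in sorted(snap.items())
            if s != master and (master, z) in snap
            and serial_cmp(ser, snap[(master, z)]) == 1]

if __name__ == "__main__":
    prev, curr = parse_snapshot(YESTERDAY), parse_snapshot(TODAY)
    print(find_regressions(prev, curr), ahead_of_master(curr, "dc1.example.test"))
```

A slave that is ahead of its master will not transfer the zone until the master's serial passes it again, so either finding means the slave may be serving stale data.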

