we need help with AD-DDNS
Farid Hamjavar
hamjavar at unm.edu
Wed Jul 19 04:45:04 UTC 2000
Thanks for informative and detailed reply.
Would you say your setup described below
would still work if in your
environment you had a Win2k AD
whose "AD Domain name" is also "anl.gov" ?
Thanks,
Farid
UNM
On Tue, 18 Jul 2000, Barry Finkel wrote:
> Date: Tue, 18 Jul 2000 08:55:51 -0500 (CDT)
> From: Barry Finkel <b19141 at achilles.ctd.anl.gov>
> To: bind-users at isc.org
> Cc: hamjavar at unm.edu
> Subject: we need help with AD-DDNS
>
> >Question:
> >
> >Given that the following is the only way we
> >could get it to work without strange errors,
> >we DO NOT WANT win2k1.unm.edu (win2k AD server described
> >above 129.24.17.117) update and "mess" with the unm.edu's zone and
> >rev static files. However, we DO WANT to let the AD server provide the
> >SRV RR it needs to communicate to win2k clients.
>
> What we have done in our W2k testbed is this -- assign new zones
>
> _msdcs.anl.gov
> _tcp.anl.gov
> _udp.anl.gov
> _sites.anl.gov
>
> These are the zones into which the anl.gov AD controllers will place
> their SRV records. I currently have these zones on a MS W2k DNS box,
> but there is no reason I could not have them on a BIND 8.2.2-p5 box.
> The SRV information contained therein are not essential for DNS (they
> are not "A" nor "PTR" records), so I do not care if the zones are on
> a MS DNS box and get trashed. [I am not saying that they have gotten
> trashed or that they will get trashed. The MS W2k DNS is a new product,
> and its stability is unknown.]
>
> There are notes on technet
>
> www.microsoft.com/technet
>
> that describe this. The only other entry that the Domain Controller
> will register is an "A" record for the domain
>
> anl.gov IN A 192.168.1.8 [the address of DC #1]
> anl.gov IN A 192.168.1.12 [the address of DC #2]
> anl.gov IN A 192.168.1.13 [the address of DC #3]
>
> The procedure for turning off registration of this entry was discussed
> yesterday; whether this works is still debatable. What we did in our
> testbed is add these "A" records manually; they did not conflict with
> any of our other registrations. I did post in recent weeks a concern
> that these records could conflict in some cases. We see that the DCs
> are trying to update dynamically the anl.gov master test zone, but we
> do not allow it. We live with the "unapproved update from ..." messages
> in the BIND log and error messages in the W2k DC Event Logs.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-9689
> Building 221, Room B236 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4844 IBMMAIL: I1004994
>
More information about the bind-users
mailing list