GUID CNAMEs go missing
Barry Finkel
b19141 at achilles.ctd.anl.gov
Mon Nov 18 15:50:59 UTC 2002
zippy_zip at hotmail.com (zippyzip) wrote:
>We currently use Active Directory with a BIND 8.2.4 compatible DNS
>server (Nortel NetID 4.3.1). This server supports all the necessary
>RFCs and underscores in domain names, and has been working fine. All
>the SRV records are registered OK.
>
>However, it has come to our attention that AD replication is failing;
>as far as I know, AD uses the GUID to communicate, which is effectively
>a CNAME from the AD host you are trying to communicate with, i.e.
>9d72cf45-8404-47be-9dee-190dbcef4541._msdcs.domain.com. IN CNAME
>adhost.domain.com.
>
>After setting up various monitoring scripts it has become apparent
>that all of these CNAMEs keep being deleted intermittently and then
>get added again. It would seem that a normal occurrence is for an AD
>host to delete, update and create a new CNAME every hour. However,
>there are times when I just see a delete and no new one... this in turn
>means occasionally there is no GUID for an hour??!!!
>
>Has anyone else come across anything similar with active directory? If
>so what DNS are you using? What W2K service pack, and how did you
>resolve the problem?
I have 13 sets of "_" zones on my W2k DNS Server. I keep a record of
serial numbers every morning. Here are the serial number changes from
Sep 10 to Nov 18 (69 days):
  Zone         Sep 10   Nov 18   Change
  _msdcs.anl    65442    65490      +48
  _sites.anl    30595    30618      +23
  _tcp.anl      32207    32215      +08
  _msdcs.dis       38       59      +18
  _sites.dis       30       47      +17
  _tcp.dis         32       40      +08
  _udp.dis         30       36      +06
  _msdcs.er        46       49      +03
  _sites.er        37       40      +03
  _msdcs.es      1001     1019      +18
  _sites.es       547      558      +11
  _tcp.es        1241     1249      +08
  _udp.es         783      789      +06
  _msdcs.et      1147     1150      +03
  _sites.et       930      933      +03
  _msdcs.hep    15005    15008      +03
  _sites.hep     8935     8938      +03
  _msdcs.ocf       78       81      +03
  _sites.ocf       54       57      +03
  _msdcs.rae       35       38      +03
  _sites.rae       29       32      +03
  _msdcs.td       121      149      +28
  _sites.td        75       94      +19
  _tcp.td         101      118      +17
  _udp.td          86      101      +15
That is 25 serial number increases for 4*13 (52) zones. So, I am not
seeing the activity on the "_" zones that you are seeing. Is your
Nortel DNS server scavenging records? I am not sure if the Netlogon
process is re-registering the SRV and CNAME records on a regular basis;
the MS W2k DNS code will recognize a DDNS packet that is replacing
existing records with the same information, and it will treat the
request as a no-op. It will respond OK to the DDNS requestor, but
the zone will not change (and with a fairly recent dns.exe the zone
serial number will not change).
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:     +1 (630) 252-7277
9700 South Cass Avenue               Facsimile: +1 (630) 252-4601
Building 222, Room D209              Internet:  BSFinkel at anl.gov
Argonne, IL 60439-4828               IBMMAIL:   I1004994
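The daily serial-number bookkeeping described in the reply, automated as an added example that is not code from the post or from the bind-users list: it reads a constructed snapshot log (placeholder zone names, as a morning cron job running `dig +short SOA` might write it), produces the same first/last/change table, counts how many day-to-day intervals each zone's serial actually moved, and handles RFC 1982 serial wraparound. A zone whose serial moves far more often than its siblings is where to look for scavenging or delete-and-re-add churn of the kind the original poster saw.

```python
from collections import defaultdict

# Constructed snapshot log ("date zone serial"), one line per zone per day, as a
# morning cron job running `dig +short SOA <zone>` might record it. Zone names
# are placeholders, not the zones from the post.
SNAPSHOTS = """\
2002-09-10 _msdcs.example 65442
2002-09-10 _sites.example 30595
2002-09-10 _tcp.example 4294967294
2002-09-11 _msdcs.example 65443
2002-09-11 _sites.example 30595
2002-09-11 _tcp.example 4294967295
2002-09-12 _msdcs.example 65445
2002-09-12 _sites.example 30596
2002-09-12 _tcp.example 2
"""

SERIAL_MOD = 2 ** 32

def serial_delta(old, new):
    """Signed new - old in RFC 1982 serial arithmetic, so a serial that
    wrapped past 2^32 - 1 still counts as an increase."""
    d = (new - old) % SERIAL_MOD
    return d if d < 2 ** 31 else d - SERIAL_MOD

def parse_snapshots(text):
    """Return {zone: [(date, serial), ...]} with rows in date order."""
    by_zone = defaultdict(list)
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            date, zone, serial = line.split()
            by_zone[zone].append((date, int(serial)))
    return {zone: sorted(rows) for zone, rows in by_zone.items()}

def churn_report(by_zone):
    """Per zone: first/last serial, net change (the '+NN' column) and how many
    day-to-day intervals saw the serial move at all."""
    report = {}
    for zone, rows in by_zone.items():
        serials = [s for _, s in rows]
        moves = sum(1 for a, b in zip(serials, serials[1:]) if serial_delta(a, b) > 0)
        report[zone] = {"first": serials[0], "last": serials[-1],
                        "delta": serial_delta(serials[0], serials[-1]),
                        "increases": moves}
    return report

def noisy_zones(report, max_increases):
    """Zones whose serial moved more often than expected: where to look for
    scavenging or delete-and-re-add churn of the kind the poster describes."""
    return sorted(z for z, r in report.items() if r["increases"] > max_increases)
```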