DDNS and allow-update declarations
Mark Andrews
Mark_Andrews at isc.org
Thu Dec 11 00:00:37 UTC 2008
In message <5E537F1C-943D-43AE-ACF0-42A9F9AF9C2B at colorado.edu>, Nicholas F Mille
r writes:
> I have a couple of questions regarding how a Microsoft domain
> controller updates a dynamic zone.
>
> 1 ) When a domain controller tries to update the zone does it try the
> DNS servers it has listed in its network settings or does it follow
> the SOA for the zone?
There are knowledge base article which describe this fully.
I suggest that you search the Microsoft knowledge base for
the complete answer.
> 2) In the configs below does the slave server's IP need to be listed
> in the allow-update declaration on the master zone server?
>
> Master Server - 1.2.3.4
>
> zone "actived.example.com" {
> type master;
> file "named.ad";
> allow-update {
> 1.2.3.4; // master DNS server
> 11.22.33.44; // domain controller 1
> 55.66.77.88.99; // domain controller 2
> };
> allow-transfer {
> 5.6.7.8 // slave DNS server;
> };
> };
>
> Slave Server - 5.6.7.8
>
> zone "actived.example.com" {
> type slave;
> file "named.ad";
> allow-update-forwarding {
> 11.22.33.44; // domain controller 1
> 55.66.77.88.99; // domain controller 2
> };
> allow-transfer { none; };
> masters {
> 1.2.3.4 // master DNS server
> };
> };
As you are allowing updates based on IP address, then yes, you
need to specify the update forwarders address. If you were using
TSIG then you don't need to as the signed message will be forwarded.
Mark
> Thanks,
> ________________________________________________________
> Nicholas Miller, ITS, University of Colorado at Boulder
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list