Active Directory and DNS

Chang, Shu-Min shu-min.chang at intel.com
Sat Aug 26 00:56:46 UTC 2000


I like your translation better Kevin!  And I'd agree that this
interpretation would be more reasonable.

Shumin Chang
My opinion does not reflect that of my company's.




-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Friday, August 25, 2000 1:22 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Active Directory and DNS



Chang, Shu-Min wrote:

> It's an idea to separate the forward zone, but does anyone know how to
> tackle the reverse?  There's no way to subdelegate the RR in a reverse zone.
> The RFC2317 http://www.ietf.org/rfc/rfc2317.txt?number=2317 teaches a method
> that does not work for the DDNS.  The DDNS RFC states that CNAME is not to
> be followed for record updates.

Um, no, this is a misconception, one that Microsoft and perhaps others have
stumbled on. The DDNS RFC says that CNAME *matching* is disallowed for Dynamic
Update. So if "foo" is an alias for the A record "bar", then if the server gets
a Dynamic Update request to change the A record for "foo", it must not
translate that into a request to change "bar". The only Dynamic Update requests
that would be allowed for "foo" would have types of CNAME.

But CNAME "following" is not forbidden by the RFC. The Dynamic Update
*client* is perfectly free to look up "foo", see that it is an alias for "bar",
and then issue a Dynamic Update request for "bar". This is client-side
"following", and perfectly legal per the RFC.

So there's no technical reason why RFC 2317-style CNAMEs-to-PTRs _can't_ work
for Win2K integration: it's just that the Microsoft software isn't smart enough
yet.


- Kevin
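
The matching-versus-following distinction described in the message above, as an added example that is not part of the original thread and is not BIND or Microsoft code: a toy in-memory zone in which the server does not apply a PTR update sent to an RFC 2317 alias, while a client that resolves the alias first updates the canonical name. The zone layout, the names and the function names are assumptions made for the illustration.

```python
# Toy model, constructed for illustration: a zone is a dict mapping
# owner name -> {rrtype: rdata}. Names use the 192.0.2.0/24 documentation range.
ALIAS = "5.2.0.192.in-addr.arpa."          # name in the parent reverse zone
TARGET = "5.0/25.2.0.192.in-addr.arpa."    # RFC 2317-style name in the child zone


def make_zone():
    """Parent zone holds only a CNAME; the child has no PTR for host 5 yet."""
    return {ALIAS: {"CNAME": TARGET}}


def server_update(zone, name, rrtype, rdata):
    """Server side: act on the exact owner name only, never chase a CNAME."""
    node = zone.get(name, {})
    if "CNAME" in node and rrtype != "CNAME":
        return False  # alias here: a non-CNAME update is not applied
    if rrtype == "CNAME" and any(t != "CNAME" for t in node):
        return False  # do not create an alias beside other data
    zone.setdefault(name, {})[rrtype] = rdata
    return True


def canonical_name(zone, name, max_hops=8):
    """Client side: resolve the alias chain before building the update."""
    for _ in range(max_hops):
        target = zone.get(name, {}).get("CNAME")
        if target is None:
            return name
        name = target
    raise ValueError("CNAME chain too long or looping")


def client_register_ptr(zone, ptr_name, hostname):
    """Client-side following: look up first, then update the canonical name."""
    return server_update(zone, canonical_name(zone, ptr_name), "PTR", hostname)


if __name__ == "__main__":
    zone = make_zone()
    print("direct update at alias:", server_update(zone, ALIAS, "PTR", "pc5.example.com."))
    print("client-side following: ", client_register_ptr(zone, ALIAS, "pc5.example.com."))
    print(zone)
```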