we need help with AD-DDNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Jul 18 13:55:51 UTC 2000


>Question:
>
>Given that the following is the only way we
>could get it to work without strange errors,
>we DO NOT WANT win2k1.unm.edu (win2k AD server described 
>above 129.24.17.117) update and "mess" with the unm.edu's zone and 
>rev static files.  However, we DO WANT to let the AD server provide the
>SRV RR it needs to communicate to win2k clients.

What we have done in our W2k testbed is this -- assign new zones

     _msdcs.anl.gov
     _tcp.anl.gov
     _udp.anl.gov
     _sites.anl.gov

These are the zones into which the anl.gov AD controllers will place 
their SRV records.  I currently have these zones on a MS W2k DNS box,
but there is no reason I could not have them on a BIND 8.2.2-p5 box.
The SRV information contained therein are not essential for DNS (they
are not "A" nor "PTR" records), so I do not care if the zones are on
a MS DNS box and get trashed.  [I am not saying that they have gotten
trashed or that they will get trashed.  The MS W2k DNS is a new product,
and its stability is unknown.]

There are notes on TechNet

     www.microsoft.com/technet

that describe this.  The only other entry that the Domain Controller
will register is an "A" record for the domain

     anl.gov  IN   A  192.168.1.8   [the address of DC #1]
     anl.gov  IN   A  192.168.1.12  [the address of DC #2]
     anl.gov  IN   A  192.168.1.13  [the address of DC #3]

The procedure for turning off registration of this entry was discussed
yesterday; whether this works is still debatable.  What we did in our
testbed is add these "A" records manually; they did not conflict with
any of our other registrations.  I did post in recent weeks a concern
that these records could conflict in some cases.  We see that the DCs
are trying to update dynamically the anl.gov master test zone, but we
do not allow it.  We live with the "unapproved update from ..." messages
in the BIND log and error messages in the W2k DC Event Logs.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994
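
The zone split described in the message above, modelled as an added example (not part of the original post, and not BIND's own code): each update is matched to the most specific zone, and only the four underscore zones accept updates from the DCs. The DC addresses are the ones in the post; address-based access control, the SRV owner names and the 192.168.1.50 client are assumptions made for the illustration.

```python
import ipaddress

# Addresses of the three DCs, as listed in the post.
DCS = [ipaddress.ip_network(a + "/32")
       for a in ("192.168.1.8", "192.168.1.12", "192.168.1.13")]

# Zone -> networks allowed to send dynamic updates (empty list = static zone).
# Assumption: updates are controlled per zone by source address.
ZONES = {
    "anl.gov": [],            # master zone: no dynamic updates at all
    "_msdcs.anl.gov": DCS,
    "_tcp.anl.gov": DCS,
    "_udp.anl.gov": DCS,
    "_sites.anl.gov": DCS,
}

def zone_for(name):
    """Return the most specific configured zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None

def update_allowed(source, name):
    """Return (zone, accepted) for a dynamic update of name sent by source."""
    zone = zone_for(name)
    if zone is None:
        return (None, False)
    addr = ipaddress.ip_address(source)
    return (zone, any(addr in net for net in ZONES[zone]))

# Constructed sample updates: (source address, owner name).
SAMPLES = [
    ("192.168.1.8", "_ldap._tcp.dc._msdcs.anl.gov"),
    ("192.168.1.12", "_kerberos._udp.anl.gov"),
    ("192.168.1.13", "_ldap._tcp.Default-First-Site-Name._sites.anl.gov"),
    ("192.168.1.8", "anl.gov"),              # the domain "A" record: refused
    ("192.168.1.50", "_ldap._tcp.anl.gov"),  # not a DC: refused
]

if __name__ == "__main__":
    for src, name in SAMPLES:
        zone, ok = update_allowed(src, name)
        print(f"{src:13} {name:50} zone={zone!s:15} "
              f"{'accept' if ok else 'refuse'}")
```

The fourth sample is the case that produces the refused-update log entries mentioned in the post: the name falls in the static anl.gov zone, so even a DC is turned away.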



