we need help with AD-DDNS

Farid Hamjavar hamjavar at unm.edu
Wed Jul 19 04:45:04 UTC 2000 


Thanks for informative and detailed reply.


Would you say your setup described below
would still work  if in your 
environment you had a Win2k AD 
whose "AD Domain name" is also "anl.gov" ?


Thanks,
Farid
UNM



On Tue, 18 Jul 2000, Barry Finkel wrote:

> Date: Tue, 18 Jul 2000 08:55:51 -0500 (CDT)
> From: Barry Finkel <b19141 at achilles.ctd.anl.gov>
> To: bind-users at isc.org
> Cc: hamjavar at unm.edu
> Subject: we need help with AD-DDNS
> 
> >Question:
> >
> >Given that the following is the only way we
> >could get it to work without strange errors,
> >we DO NOT WANT win2k1.unm.edu (win2k AD server described 
> >above 129.24.17.117) update and "mess" with the unm.edu's zone and 
> >rev static files.  However, we DO WANT to let the AD server provide the
> >SRV RR it needs to communicate to win2k clients.
> 
> What we have done in our W2k testbed is this -- assign new zones
> 
>      _msdcs.anl.gov
>      _tcp.anl.gov
>      _udp.anl.gov
>      _sites.anl.gov
> 
> These are the zones into which the anl.gov AD controllers will place 
> their SRV records.  I currently have these zones on a MS W2k DNS box,
> but there is no reason I could not have them on a BIND 8.2.2-p5 box.
> The SRV information contained therein are not essential for DNS (they
> are not "A" nor "PTR" records), so I do not care if the zones are on
> a MS DNS box and get trashed.  [I am not saying that they have gotten
> trashed or that they will get trashed.  The MS W2k DNS is a new product,
> and its stability is unknown.]
> 
> There are notes on technet
> 
>      www.microsoft.com/technet
> 
> that describe this.  The only other entry that the Domain Controller
> will register is an "A" record for the domain
> 
>      anl.gov  IN   A  192.168.1.8   [the address of DC #1]
>      anl.gov  IN   A  192.168.1.12  [the address of DC #2]
>      anl.gov  IN   A  192.168.1.13  [the address of DC #3]
> 
> The procedure for turning off registration of this entry was discussed
> yesterday; whether this works is still debatable.  What we did in our
> testbed is add these "A" records manually; they did not conflict with
> any of our other registrations.  I did post in recent weeks a concern
> that these records could conflict in some cases.  We see that the DCs
> are trying to update dynamically the anl.gov master test zone, but we
> do not allow it.  We live with the "unapproved update from ..." messages
> in the BIND log and error messages in the W2k DC Event Logs.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
> Building 221, Room B236              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4844             IBMMAIL:  I1004994
>

More information about the bind-users mailing list