UNIX BIND Server & W2000 DNS Server

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Feb 27 14:46:45 UTC 2001


Paco Orozco <forozco at ecom5.eresmas.com> wrote:

>>Windows 2000 servers (T1 and T2) are clients of themselves. In other
>>words, T1 has as primary DNS server T1 and T2 has as primary DNS server
>>T1.
>>
>>T1 and T2 have a DNS server integrated in AD, and forward to the UNIX
>>DNS server (BA). This forwarding is used in order to minimize the time to
>>resolve queries outside the subdomain delegated to T1 and T2.

Christian Krackowizer <ckrackowiz at std.schuler-ag.com> replied:

>well, we did a lot of playing around and ended up with the same
>configuration as you.
>The only problem we see is the handling of the serial number between both
>T1/2, which differs from time to time. Especially the reverse zone serials
>always differ.

We have decided that with AD-integrated zones, we will have ONE MS W2k
DNS running on one of the DCs.  I looked at MS Article Q282826
("Active Directory-Integrated DNS Zone Serial Number Behavior"), and
after many readings (and making a flowchart), I cannot see how MS
guarantees that DDNS updates will not be lost.  For example, consider
three DCs, each one running the DNS service.  One of these will be
listed in the SOA record as the master; the other two will be
slaves.  I am not sure to which DNS MS will direct DDNS updates.
I assume that updates can be directed to any of the three DNS services.
If two different updates arrive at the two slaves at the same time,
I do not see how the MS DNS and AD code can handle this case, as I
believe (from Q282826) that each of the slaves will make the update
and increment the serial number.  We now have two copies of the zone
with the same serial number but different contents.

We have seen problems with AD-integrated zones and multiple DNS
services.  We rarely saw the serial numbers on the zones agree.
We have an open case with MS, and MS has been unable to reproduce the
problem.  There was a report in bind-users last August of decreasing
serial numbers from AD-integrated W2k zones.  So, we have decided that
if we have only ONE MS DNS server, then we won't experience these
problems.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994
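A check for the failure mode Barry describes above (two servers reporting the same serial for different zone contents), as an added example that is not part of the original post and not code from BIND or Microsoft: it parses the text printed by `dig @server zone SOA +short` and `dig @server zone AXFR` for each server and reports both plain serial disagreement and the silent case where serials agree but the record sets do not. The server names, zone and records in SAMPLE_RESPONSES are constructed; in real use you would substitute the actual dig output from each DC (the zone must permit transfers to the querying host for the AXFR part).

```python
"""Compare one zone's SOA serial and record set across several DNS servers.

Added example for the thread above, not code from the post or from ISC. The
inputs are the text forms printed by `dig @server zone SOA +short` (seven
whitespace-separated SOA fields) and `dig @server zone AXFR` (one record per
line, ';' comment lines); SAMPLE_RESPONSES are constructed stand-ins, not
captured data.
"""
from collections import defaultdict

SAMPLE_RESPONSES = {
    # Constructed: three DCs serving one AD-integrated zone. dc1 and dc2 both
    # claim serial 42 but hold different records; dc3 lags at serial 41.
    "dc1.example.test": (
        "dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600",
        "; <<>> DiG <<>> @dc1.example.test example.test AXFR\n"
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600\n"
        "host-a.example.test. 1200 IN A   10.0.0.10\n"
        "host-b.example.test. 1200 IN A   10.0.0.11\n"
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600\n",
    ),
    "dc2.example.test": (
        "dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600",
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600\n"
        "host-a.example.test. 1200 IN A   10.0.0.10\n"
        "host-c.example.test. 1200 IN A   10.0.0.12\n"
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 42 900 600 86400 3600\n",
    ),
    "dc3.example.test": (
        "dc1.example.test. hostmaster.example.test. 41 900 600 86400 3600",
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 41 900 600 86400 3600\n"
        "host-a.example.test. 1200 IN A   10.0.0.10\n"
        "host-b.example.test. 1200 IN A   10.0.0.11\n"
        "example.test.        3600 IN SOA dc1.example.test. hostmaster.example.test. 41 900 600 86400 3600\n",
    ),
}


def soa_serial(text):
    """Return the serial from `dig ... SOA +short` output (third of 7 fields)."""
    fields = text.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    return int(fields[2])


def parse_axfr(text):
    """Parse dig AXFR text into a set of (owner, type, rdata) tuples.

    SOA lines are skipped (AXFR repeats the SOA at both ends and the serial
    is compared separately) and TTLs are dropped, so the comparison is about
    which records exist, not how long they may be cached.
    """
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5:
            raise ValueError("unexpected record line: %r" % line)
        owner, _ttl, _cls, rtype = parts[:4]
        if rtype != "SOA":
            records.add((owner, rtype, " ".join(parts[4:])))
    return records


def compare_servers(responses):
    """Return findings about disagreement between servers on one zone.

    responses maps server -> (soa_short_text, axfr_text). A 'serial_mismatch'
    finding means the servers do not all report one serial; a finding of kind
    'same_serial_different_content' means two servers agree on the serial but
    not on the records. The second is the case the post worries about: a
    secondary only pulls a zone whose serial is newer than its own, so equal
    serials hide the split.
    """
    views = {s: (soa_serial(soa), parse_axfr(axfr)) for s, (soa, axfr) in responses.items()}
    findings = []
    serials = {s: serial for s, (serial, _) in views.items()}
    if len(set(serials.values())) > 1:
        findings.append({"kind": "serial_mismatch", "serials": serials})
    by_serial = defaultdict(list)
    for s in sorted(views):
        by_serial[views[s][0]].append(s)
    for serial, servers in sorted(by_serial.items()):
        ref = servers[0]
        for other in servers[1:]:
            only_ref = views[ref][1] - views[other][1]
            only_other = views[other][1] - views[ref][1]
            if only_ref or only_other:
                findings.append({"kind": "same_serial_different_content", "serial": serial,
                                 "servers": (ref, other),
                                 "only_on": {ref: sorted(only_ref), other: sorted(only_other)}})
    return findings


if __name__ == "__main__":
    for finding in compare_servers(SAMPLE_RESPONSES):
        print(finding)
```

Run as-is to see both findings on the constructed sample. The second finding kind is the one that matters for the thread: a BIND secondary (and any other serial-driven zone transfer) decides whether to transfer by comparing serials, so two copies of a zone with the same serial and different contents will never reconcile through AXFR/IXFR, and only a content comparison like this one will surface them.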