BIND 8.2 based DNS and AD
jose.a.campos at exxonmobil.com
jose.a.campos at exxonmobil.com
Tue Nov 12 14:30:04 UTC 2002
Richard,
We use QIP 5.2 - I'm just wondering :
what 's the scavenging interval set to ?
What about aging ?
Kevin Darcy
<kcd at daimlerchrysl To: comp-protocols-dns-bind at isc.org
er.com> cc:
Sent by: Subject: Re: BIND 8.2 based DNS and AD
bind-users-bounce@
isc.org
11/11/02 02:43 PM
Richard Davies wrote:
> During extensive lab testing, we seem to have found something of an
> issue with both Nortel NetID 4.2.x and Lucent QIP 5.2 in an AD
> environment.
> Out of the box AD (as we'd like very much to leave it) relies on
> individual DCs and GCs being able to dynamically register SRV records.
> Both of these products support the relevent RFC, all good so far.
> However, both products appear to 'clean up' (remove) dynamically
> registered SRV records intermittently. This, if it occurs during an
> attempt by AD to run a replication cycle causes all manner of merry
> hell to break loose. The SRVs are normally de-registered and
> re-registered by individual DCs every 60 minutes by default, which
> often leaves us with between 1 and 59 minutes with potentially no SRV
> records existing for our DNS zones.......not good. Lucent have a
> workaround which effectively hard codes the SRVs by running a CLI
> using 'append mode', and we presume Nortel have a similar 'fix'.
> Wanting to implement the most suitable product for a primarily AD
> based infrastructure, I would like to know whether anyone else has
> encountered this issue and if it is (as it seems) a feature of BIND??
BIND doesn't have any "scavenging" feature -- it wouldn't delete records
unless it was specifically told to do so through Dynamic Update, or
unless it reloaded the zone from some sort of backend store, e.g. a
zonefile or backend DB, from which the records had been deleted.
So, I would say either a) QIP/NetID must be deleting those records
itself, or b) some component of the Win2K/AD suite (e.g. GC, DC,
DHCP server) is doing the deletes. In any case, I doubt very much that
it's a BIND problem...
- Kevin
More information about the bind-users
mailing list