Active Directory Integrated DNS( dynamic update behavior )

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 16 21:37:33 UTC 2003


David Botham wrote:

> > -----Original Message-----
> > From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> > Behalf Of Barry Finkel
> > Sent: Thursday, January 16, 2003 2:33 PM
> > To: bind-users at isc.org
> > Cc: rparasnis at clj.co.jp
> > Subject: RE: Active Directory Integrated DNS( dynamic update behavior )
> >
> > "Rahul Parasnis" <rparasnis at clj.co.jp> replied to my posting:
> >
> > >For rest of zones either I can define w2k as secondary or forward those
> > >requests to bind DNS .
> > >is there any limit on defining secondary servers ? ( is it 20 )
>
> A conventional limit is 13 name servers.  This limit is due to the fact
> you can pack 13 NS records with glue records into a UDP packet less than
> 512 bytes.  That way you do not trigger a truncation and hence a TCP
> transfer of the NS RRset for your zone...

You can only pack 13 NS'es + glue into the 512-byte limit, if the domain
names are all the same and the first labels are very short. Otherwise the
limit is lower.


- Kevin


> > Why define the W2k server as a slave for the other zones?  Which
> > machines are going to use the W2k server as their DNS server?  Almost
> > all of the machines here are configured to use my BIND servers as their
> > DNS servers; no machine (of which I am aware) is using the W2k DNS
> > Server as its server.  As everyone is using the BIND servers, I have to
> > insure that I have the "_" zones on the BIND servers.
> >
> > I am not sure what you mean by "limit on defining secondary servers".
> > You can have any number of slave servers for a given zone.  There
> > usually is no need for 1-4 slave servers.  Note that if you have many
> > slave servers for a zone, then there are many NS records in the zone,
> > and a query might result in all of those NS records being placed in
> > the AUTHORITY section of the DNS reply.  That could cause the reply
> > packet to exceed the size of a UDP packet, resulting in having to use
> > TCP.
> >
> > --------
> >
> > >I tested the dynamic update to learn its behavior . Here is what I
> > >understood
> > >please correct me if I am wrong .
> > >
> > >If there is A record, CNAME and PTR  record for one client . A record is
> > >different than the Client FQDN ( computer name ). When client updates , it
> > >deletes this A record and PTR record and replaces with its FQDN Name but
> > >the old A record and CNAME record is not deleted .
> > >I could see the log in db.domain.ixfr and reverse_lookup_zone_file.ixfr .
> >
> > Assuming these entries in DNS:
> >
> >      AA  IN  A  1.2.3.4
> >      BB  IN  CNAME  AA
> >      1.2.3.4  IN  PTR  AA
> >
> > If a machine named AA at address 2.3.4.5 attempts self-registration and
> > is successful, then these records will be in DNS, I believe:
> >
> >      AA  IN  A  2.3.4.5
> >      BB  IN  CNAME  AA
> >      1.2.3.4  IN  PTR  AA
> >      2.3.4.5  IN  PTR  AA
> >
> > The "A" record for AA will have been replaced, while the PTR record for
> > 2.3.4.5 will have been added.  The CNAME record will have been left
> > untouched.
> >
> > Given the initial scenario again -- if a machine named BB at address
> > 2.3.4.5 attempts self-registration, then the initial request to register
> >
> >      BB  IN  A  2.3.4.5
> >
> > will fail, because the DDNS packet has a pre-requisite check to insure
> > that BB is not already a CNAME.  Once this pre-req fails, I do not know
> > what subsequent DDNS packets, if any, will be sent by the W2k computer
> > attempting self-registration (either for the forward registration or
> > for the reverse registration).  I have never had this situation in my
> > testing.  Note that there is no CNAME pre-req test in the registration
> > of the PTR record; there could be a CNAME in a reverse zone if one is
> > using RFC 2317-style delegation of a piece of a subnet.
> >
> > --------
> >
> > >These two names are not cnames of the A-record that is dynamically added .
> > >
> > >nslookup cname
> > >Server:  DNS Server
> > >Address:  IP Address
> > >
> > >Name:    rparasnis.clj.co.jp
> > >Address:  IP Address
> > >Aliases:  cname.clj.co.jp
> > >
> > >there are following records now in DNS
> > >A record for computername ( dynamically updated )
> > >PTR record for computername ( dynamically updated )
> > >A record (old ) which was existing before
> > >CNAME records pointing to old A-record
> > >
> > >is my understanding correct ?
> >
> > I cannot tell from your example what was in DNS before the update, and
> > what machine (at what address) sent the self-registration.
> > ----------------------------------------------------------------------
> > Barry S. Finkel
> > Electronics and Computing Technologies Division
> > Argonne National Laboratory          Phone:    +1 (630) 252-7277
> > 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> > Building 222, Room D209              Internet: BSFinkel at anl.gov
> > Argonne, IL   60439-4828             IBMMAIL:  I1004994
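Kevin's point that 13 NS records plus glue only fit under 512 bytes when the names share a domain and have short first labels can be checked by counting the bytes. This is an added example, not code from anyone in this thread: a minimal RFC 1035 wire-format writer with name compression, applied to three constructed server lists (example.com, provider*.net and 192.0.2.x addresses are assumptions) for a "zone NS?" referral reply.

```python
import struct
from typing import Callable, Dict, List, Tuple

class DnsBuilder:
    """Minimal RFC 1035 wire writer with name compression; only the byte count matters here."""
    def __init__(self) -> None:
        self.buf = bytearray(12)             # 12-byte header, fields left zero
        self.offsets: Dict[str, int] = {}    # name suffix -> first offset, for compression pointers

    def write_name(self, name: str) -> None:
        labels = name.rstrip(".").lower().split(".")
        for i, label in enumerate(labels):
            suffix = ".".join(labels[i:])
            if suffix in self.offsets:       # tail already in the message: 2-byte pointer ends the name
                self.buf += struct.pack("!H", 0xC000 | self.offsets[suffix])
                return
            if len(self.buf) < 0x4000:       # pointers carry a 14-bit offset
                self.offsets[suffix] = len(self.buf)
            raw = label.encode("ascii")
            self.buf += bytes([len(raw)]) + raw
        self.buf += b"\0"                    # root label terminates an uncompressed name

    def write_rr(self, owner: str, rtype: int, rdata: Callable[["DnsBuilder"], None]) -> None:
        self.write_name(owner)
        self.buf += struct.pack("!HHIH", rtype, 1, 3600, 0)   # TYPE, CLASS=IN, TTL, RDLENGTH placeholder
        rdlen_at, start = len(self.buf) - 2, len(self.buf)
        rdata(self)
        struct.pack_into("!H", self.buf, rdlen_at, len(self.buf) - start)

def referral_size(zone: str, servers: List[Tuple[str, str]]) -> int:
    """Size of a 'zone NS?' reply carrying the whole NS RRset plus one A glue record per server."""
    m = DnsBuilder()
    m.write_name(zone)
    m.buf += struct.pack("!HH", 2, 1)                        # question: QTYPE=NS, QCLASS=IN
    for nsdname, _ in servers:                               # authority section: NS records
        m.write_rr(zone, 2, lambda b, n=nsdname: b.write_name(n))
    for nsdname, ip in servers:                              # additional section: A glue
        m.write_rr(nsdname, 1, lambda b, a=ip: b.buf.extend(int(o) for o in a.split(".")))
    return len(m.buf)

def max_servers(zone: str, servers: List[Tuple[str, str]], limit: int = 512) -> int:
    """Largest prefix of `servers` whose referral still fits a classic 512-byte UDP reply."""
    return max(n for n in range(len(servers) + 1) if referral_size(zone, servers[:n]) <= limit)

# Constructed sample server sets (not from the thread): same domain with short labels,
# same domain with long labels, and thirteen different domains.
SHORT = [(f"ns{i}.example.com", f"192.0.2.{i}") for i in range(1, 14)]
LONG = [(f"nameserver{i:02d}.example.com", f"192.0.2.{i}") for i in range(1, 14)]
OTHER = [(f"ns{i}.provider{i}.net", f"192.0.2.{i}") for i in range(1, 14)]
```

With these inputs the short in-zone names come to 475 bytes for all 13 servers, while the long labels (588 bytes, only 11 fit) and the mixed domains (612 bytes, only 10 fit) overflow the 512-byte reply and would force truncation and a TCP retry.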


