Question regarding dynamic updates

bsfinkel at anl.gov
Thu Oct 2 15:07:35 UTC 2008


John Wobus <jw354 at cornell.edu> wrote:

>I've been told that Microsoft's DNS server allows a zone to be updated
>dynamically, yet some names in the zone be protected from changes via
>dynamic updates.  And I was told that BIND lacks this feature, having
>its granularity of control strictly by zone.  I would assume
>Microsoft's GUI makes this simple to manage, :-) but the mechanism
>would be functionally like having a list of names stored somewhere that
>the dynamic update mechanism would refuse to modify in the zone file.

I may be wrong, but this is my take on the Microsoft DNS Server and
DDNS.  If a record is added dynamically, then that record can be
changed or deleted dynamically.  If a record is added manually via the
GUI (or maybe by a command-line tool), then the record gets some sort
of internal marker that tells the DNS code that the record cannot be
subject to DDNS.  The GUI has no way of displaying this "DDNS flag", but
there may be some DNS or AD report that shows it.  I assume that
records added manually are not subject to scavenging, where the MS DNS
code looks for records in DNS that have not been refreshed recently and
deletes those records.  The code assumes that DHCP-controlled
registrations will have leases renewed frequently.  Any record that
has not been refreshed is assumed to be an old DHCP registration that
is no longer valid.  There must be a timestamp associated with each
record in DNS, but the GUI does not display it.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994


More information about the bind-users mailing list