BIND 9.7 Serial Number Decrease Problem

Barry Finkel bsfinkel at anl.gov
Tue Jun 7 15:03:56 UTC 2011


"McDonald, Dan" <Dan.McDonald at austinenergy.com> replied to my
posting:

>I think your root problem is trying to deal with Active Directory
>integrated zones.  We stopped using them entirely when we found that
>each domain controller maintains an individual SOA record with its own
>serial number.  The serial numbers rapidly (and purposely) fall out of
>sync, but Active Directory doesn't care as they use a different
>replication method.
>
>The only way that we could successfully interact from BIND was to set up
>a forward-only zone and try to cache the results.  When we found that
>Active Directory under Windows 2000 was unable to maintain proper
>synchronization, we switched to BIND for all zones and haven't looked
>back.


If you check the list archives (back to the days when there was
bind-users and bind9-users), you will find my postings dealing
with MS article 282826.  MS details the problem with zone
serial numbers, and that is why we run the DNS Server on only
ONE Domain Controller (and have since the beginning of AD in
Windows 2000).  When we run the DNS Server on a second DC
(because the Windows admins want to), I tell BIND that there is
ONE master server.  I do not care what the zone serial number is
on the other DC DNS Server, unless we have to switch masters.
The only times I have switched is when the master DC is being
upgraded, and I switch to another DC as the master.
We have NO machines configured (as far as I know) to use the
DNS Servers on the DC as primary DNS servers; all machines
are configured to use the BIND slaves.

In the early days of AD, there were serial number decreases in
the MS code.  I had an open trouble ticket for a long time before
the MS DNS development team found the problem.  I have not had a
serial number decrease on the MS side for a long time except,
occasionally, when patches are being applied to the DC, the
serial number on one or more zones will decrease during the
patch run, but after the DC is rebooted, the serial number
goes back to a non-decrease normal.

-- 
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
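
The following is an added example, not part of the original post or of BIND: it shows the RFC 1982 serial comparison a secondary uses to decide whether to transfer a zone, applied to the master-switch case discussed above. The server names (dc1, dc2) and all serial values are constructed for illustration.

```python
# Added illustration: RFC 1982 serial arithmetic as a secondary applies it.
# Server names and serial values are constructed for the example.
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_compare(s1, s2):
    """Return -1 if s1 < s2, 0 if equal, 1 if s1 > s2, None if undefined."""
    s1 %= MOD
    s2 %= MOD
    if s1 == s2:
        return 0
    diff = (s2 - s1) % MOD
    if diff == HALF:
        return None  # RFC 1982 leaves this pair unordered
    return -1 if diff < HALF else 1


def check_master_switch(secondary_serial, candidate_serials):
    """Classify each candidate master by what the secondary would do."""
    verdicts = {}
    for name, serial in candidate_serials.items():
        order = serial_compare(secondary_serial, serial)
        if order == -1:
            verdicts[name] = "transfer"      # master is newer, zone is pulled
        elif order == 0:
            verdicts[name] = "in-sync"       # nothing to do
        elif order == 1:
            verdicts[name] = "no-transfer"   # serial looks decreased, old data kept
        else:
            verdicts[name] = "undefined"
    return verdicts


if __name__ == "__main__":
    # Constructed case: the secondary holds 5120 from the current master.
    print(check_master_switch(5120, {"dc1": 5125, "dc2": 4890}))
    # Wraparound: 0 is "greater" than 4294967295 in serial arithmetic.
    print(serial_compare(4294967295, 0))
```

Running the check against each candidate before changing the master shows in advance which servers would leave the secondaries serving stale zone data.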


