how two dns bind master sync?

Grant Taylor gtaylor at tnetconsulting.net
Thu Aug 23 22:50:19 UTC 2018


On 08/23/2018 02:15 PM, Grant Taylor via bind-users wrote:
> It's my understanding that MS-DNS servers hosting AD Integrated zones 
> are actually functioning as application layer gateways between DNS and 
> data that's stored in LDAP.

My AD Guy confirms that the DNS data for Active Directory Integrated 
Zones is indeed stored in LDAP and that MS-DNS is acting as an 
application layer gateway between DNS and LDAP.  As such, the 
multi-master aspect issue is pushed to AD's LDAP implementation.

> So the case of synchronizing records with different FQDNs is actually 
> trivial in that different records are being updated in the back end LDAP 
> and the ALG is simply reading the data and replying to clients.

He confirmed that LDAP does support writes to different data on 
different servers without a problem.

He even indicated that updates for the same FQDN may not be a problem, 
depending on the operation being done.  I.e. multiple inserts for A 
records will simply merge in LDAP data.  The thing he wasn't quite sure 
of was what would happen if one server deletes an A record and another 
server enters an A record.  He thinks that LDAP will delete the first 
record which is different and insert the other record.

He also mentioned that it is unlikely that the same FQDN would be 
modified on two different servers at the same time.  As such, LDAP would 
likely see different FQDNs and simply merge them as part of the raw data.

This is where I wash my hands and decide that I want to NOT get any 
deeper into AD.



-- 
Grant. . . .
unix || die

