Barry & Jonathan,

Thanks for the quick replies. Your responses go along with my findings as well. I am trying to clean up some of our configs. The DDNS zones just didn't look right to me and I wanted to confirm what I was thinking.

Jonathan, I tested things on a test DC by pointing it at a DNS server here that wasn't authoritative for its zone. When I made a change the update happened almost immediately on the master server. This behavior follows the logic of updates following the SOA.

Barry, from what I can find I don't think the slave needs to be listed nor does the master in the allow-update directive. If I have time tomorrow I might test this out in our test AD.
________________________________________________________
Nicholas Miller, ITS, University of Colorado at Boulder

On Dec 10, 2008, at 10:42 AM, Jonathan Petersson wrote:

I did some testing with this a couple of months ago and it seems like AD is following the NS directive in the SOA.

The design I used in my test-case was to put AD as an authoritative updater of the specified zone on my master, once updated the BIND master was responsible for updating the slaves.

Something you can do is add NS records in AD pointing at your BIND slave-servers for the zone, and vice versa configure your slaves to have the AD as master for the zone, what I've experienced is that updates of new records tend to be REALLY slow, thus I would go with the first option.

/Jonathan

On Dec 10, 2008, at 10:48 AM, [EMAIL PROTECTED] wrote:

1) All updates for a zone need to be sent to the master server for that
  zone, as only the master can perform updates.  And one cannot assume
  that updates sent to a slave server will be forwarded to the
  master.  And the only place in DNS where the master server is listed
  is in the SOA record.

2) I am not sure of the answer.  If a DNS update is sent to a slave
  server and then forwarded to the master, I assume that the master
  will see the request as coming from the real source and not from
  the forwarding slave server.  So, I assume that the slave server is
  not updating the master, and thus does not need to be listed in the
  allow-update declaration.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
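
Added example, not part of the original thread or anyone's production config: a BIND 9 named.conf sketch of the layout discussed above, where the domain controllers send updates straight to the master named in the SOA and the slave neither forwards updates nor appears in allow-update. The zone name, file paths and addresses (RFC 5737 documentation range) are constructed placeholders.

```conf
// Constructed example: every name and address below is a placeholder.
acl "ad-dcs" { 192.0.2.10; 192.0.2.11; };   // domain controllers that send dynamic updates

// ---- named.conf on the master (the host in the SOA MNAME field) ----
zone "ad.example.com" {
    type master;
    file "dynamic/ad.example.com.db";
    // Only the update clients are listed. The master applies updates
    // locally and the slave only receives transfers, so neither needs
    // an allow-update entry.
    allow-update   { "ad-dcs"; };
    allow-transfer { 192.0.2.53; };         // the slave
};

// ---- named.conf on the slave (192.0.2.53) ----
zone "ad.example.com" {
    type slave;
    masters { 192.0.2.1; };                 // the master above
    file "slaves/ad.example.com.db";
    // Default setting, written out: updates that reach the slave are
    // refused instead of being relayed to the master. If forwarding
    // were enabled, the slave would relay each update from its own
    // address, so an address-based allow-update on the master would
    // be matched against the slave's address, not the client's.
    allow-update-forwarding { none; };
};
```

Running named-checkconf on each server validates the syntax before a reload; a test update sent from a host outside the ad-dcs ACL should be refused and logged as denied on the master.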
