Re: With Dynamic updates off, DNS server A records still update
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Fri, 29 Apr 2005 05:32:55 -0500
merc wrote:
> I am running a set of internal and a set of external DNS servers, all of
> which serve multiple zones. They are all using AD integration under two
> application directory partitions, one for intranet zones and one for
> extranet zones. The intranet application directory partition enlists only
> the intranet DNS servers, and the extranet application directory partition
> only enlists the extranet DNS servers. Also, the extranet DNS servers have
> /DisableNSRecordsAutoCreation turned on and all of the zones have Dynamic
> updates turned off. Only the intranet zone on the intranet servers has
> Dynamic updates turned on. All DNS servers also have the "LdapIpAddress"
> disabled.
Turning off the LdapIpAddress record will break GPOs; it is this record that
is used to resolve the SYSVOL DFS share at \\dnsdomain\sysvol. These records
should point to the IP address of every DC on which File Sharing is enabled.
The only time you should disable the LdapIpAddress record is when you have
multi-homed DCs and only one interface has File Sharing enabled. The record
for the IP of the interface that has File Sharing enabled should then be
created manually. If you point this record to a web server, the domain
members will look for the SYSVOL DFS share and group policies on the web
server.
>
> The problem I am having is that the intranet zone on the external DNS
> servers is dynamically adding/changing the A records for the enlisted DNS
> servers of the extranet application directory partition. Because of this, I
> have been forced to take this zone out of AD and run it as a simple
> primary/secondary zone. Is this a bug? Is there a way to fix this, or a
> work-around?
>
> Also, when using an AD-integrated zone, it always overwrites the "Primary
> server" in the SOA record with the FQDN of the server that is serving the
> records. This is OK for intranet servers, but it is an RFC violation for
> Internet servers. Is this going to be fixed (i.e. an option added to
> prevent this behavior)?
This is how multi-master DNS works: each DNS server is its own master. It is
not a technical violation, because each zone only has one SOA record. It is
just that each DNS server holds a primary, writable copy of the zone and will
therefore list itself as the Primary Master.
The RFC states that each zone can have only one SOA record; each zone has only
one SOA, so it is not a violation.
-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
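The reply above explains that the domain-apex A records (the ones Netlogon registers under the LdapIpAddress mnemonic) are what resolve \\dnsdomain\sysvol, and that on a multi-homed DC the record for the file-sharing interface has to be created by hand once automatic registration is suppressed. The script below is an added example, not code from the thread or from Microsoft: it reads the two registry values the thread names (DnsAvoidRegisterRecords under Netlogon, which is where the LdapIpAddress mnemonic is listed, and DisableNSRecordsAutoCreation under the DNS service), lists the current apex A records, and reports any DC address that is missing from them. It assumes the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 or later, so it postdates the Server 2003 era of the thread), that it is run on a DC with rights to query the zone, and that the `-Name '@'` convention selects the zone apex; the placeholder address in the final comment is an assumption you replace with your own file-sharing interface IP.

```powershell
# Added example (not part of the original post). Audits the LdapIpAddress /
# SYSVOL-resolution state described in the reply on one domain controller.
# Assumes: DnsServer + ActiveDirectory modules, run on a DC.
param(
    [string]$ZoneName  = (Get-ADDomain).DNSRoot,   # assumption: AD module available
    [string]$DnsServer = $env:COMPUTERNAME
)

$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$dnsKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

# 1. Which Netlogon records has this DC been told not to register?
#    The multi-string DnsAvoidRegisterRecords lists mnemonics; 'LdapIpAddress'
#    is the domain-apex A record the reply says SYSVOL/GPO lookups depend on.
$avoid = (Get-ItemProperty -Path $netlogonKey -Name DnsAvoidRegisterRecords `
            -ErrorAction SilentlyContinue).DnsAvoidRegisterRecords
$ldapIpSuppressed = [bool]($avoid -contains 'LdapIpAddress')

# 2. Is the DNS service refusing to auto-create NS records (the poster's setting)?
$disableNs = (Get-ItemProperty -Path $dnsKey -Name DisableNSRecordsAutoCreation `
                -ErrorAction SilentlyContinue).DisableNSRecordsAutoCreation

# 3. What do the apex ("same as parent") A records currently say?
#    Assumption: -Name '@' selects the zone apex in this module.
$apexA = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
             -Name '@' -RRType A -ErrorAction SilentlyContinue |
           ForEach-Object { $_.RecordData.IPv4Address.ToString() })

# 4. Which addresses do the domain's DCs actually use?
$dcIps = @(Get-ADDomainController -Filter * | ForEach-Object { $_.IPv4Address })

# 5. Report. A DC address missing from the apex means clients may never be
#    directed to that DC for \\<domain>\sysvol; an apex address that is not a
#    DC at all (the web-server case in the reply) is the dangerous inverse.
[pscustomobject]@{
    Zone                         = $ZoneName
    LdapIpAddressSuppressed      = $ldapIpSuppressed
    DisableNSRecordsAutoCreation = $disableNs
    ApexARecords                 = $apexA
    DcAddressesMissingFromApex   = @($dcIps | Where-Object { $apexA -notcontains $_ })
    ApexAddressesThatAreNotDCs   = @($apexA | Where-Object { $dcIps -notcontains $_ })
}

# When LdapIpAddress is deliberately suppressed on a multi-homed DC, create the
# apex record for the interface that has File Sharing enabled by hand, e.g.
# (10.0.0.10 is a placeholder, not an address from the thread):
#   Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $ZoneName `
#       -Name '@' -IPv4Address '10.0.0.10'
```

Run it on each DC rather than once: DnsAvoidRegisterRecords is a per-machine setting, so one DC can be suppressing its apex record while its neighbours still register theirs, which is exactly the asymmetry that makes a multi-homed DC hand out the wrong SYSVOL address.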