Re: DNS forwarding

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: DNS forwarding

Barry S. Finkel
On 5/22/2017 10:48 AM, [hidden email] wrote:
> On 05/22/2017 07:16 AM, Barry S. Finkel wrote:
>> Maybe I am misinterpreting the problem.  When I was managing a mixed
>> AD-BIND DNS scenario, ALL of the computers used the BIND servers for
>> their DNS resolution; none used the AD servers.  But I had all of the
>> AD zones slaved on my BIND servers, so there was no need for any machine
>> to use the AD servers for DNS resolution.  The AD servers had only
>> the AD zones, so if any machine queried the AD server for a non-AD zone,
>> the request would have been forwarded to the BIND servers anyway.

On Mon, 22 May 2017 08:46:59 -0600  Grant Taylor replied:

> Could your AD clients still reach the AD DNS servers?  (It sounds like
> they could.)
>
> It's been my experience that AD clients still want to reach the master
> name server (in the SOA record) to do Dynamic DNS updates.
>
> (I've also successfully forced those through a BIND secondary configured
> to forward the dynamic updates to the AD master.)
>
>
>
> -- Grant. . . . unix || die


The only dynamic updates were to the AD"_" zones.  Windows desktops and
servers had static IP addresses, so they did not use DHCP.  One forward
zone and five /24 reverse zones were completely dynamic, and those zones
were mastered on a Windows DNS Server and slaved on my BIND servers.

As I have written before, there were lots of serial number updates
in these zones (forward, reverse, and "_") were the one contents did
not change.  This caused a lot of unnecessary zone transfers between
the Windows DNS masters and my BIND slaves.

--Barry Finkel
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users