On 5/22/2017 10:48 AM, [hidden email] wrote:
> On 05/22/2017 07:16 AM, Barry S. Finkel wrote:
>> Maybe I am misinterpreting the problem. When I was managing a mixed
>> AD-BIND DNS scenario, ALL of the computers used the BIND servers for
>> their DNS resolution; none used the AD servers. But I had all of the
>> AD zones slaved on my BIND servers, so there was no need for any machine
>> to use the AD servers for DNS resolution. The AD servers had only
>> the AD zones, so if any machine queried the AD server for a non-AD zone,
>> the request would have been forwarded to the BIND servers anyway.
On Mon, 22 May 2017 08:46:59 -0600 Grant Taylor replied:
> Could your AD clients still reach the AD DNS servers? (It sounds like
> they could.)
> It's been my experience that AD clients still want to reach the master
> name server (in the SOA record) to do Dynamic DNS updates.
> (I've also successfully forced those through a BIND secondary configured
> to forward the dynamic updates to the AD master.)
> -- Grant. . . . unix || die
The only dynamic updates were to the AD "_" zones. Windows desktops and
servers had static IP addresses, so they did not use DHCP. One forward
zone and five /24 reverse zones were completely dynamic, and those zones
were mastered on a Windows DNS Server and slaved on my BIND servers.
As I have written before, there were lots of serial number updates
in these zones (forward, reverse, and "_") where the zone contents did
not change. This caused a lot of unnecessary zone transfers between
the Windows DNS masters and my BIND slaves.
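The setup both posters describe (AD zones slaved on BIND, with Dynamic DNS updates relayed from the BIND secondary to the AD master) maps onto a short named.conf fragment. This is an added example, not configuration from either poster; the zone name, the ACL names and every address are placeholders, and the AD primaries' own update policy, not anything shown here, decides whether a relayed update is accepted:

```conf
// Added example (not from the thread). A BIND secondary for an AD zone that
// relays DNS UPDATE messages to the AD primaries, so clients can point only
// at BIND and still register. Names and addresses are placeholders.

acl ad-clients   { 10.0.0.0/8; };              // assumed client range
acl ad-primaries { 192.0.2.10; 192.0.2.11; };  // assumed AD DNS servers

zone "ad.example.test" {
    type slave;                  // written "type secondary;" in BIND 9.16+
    file "slaves/ad.example.test.db";
    masters { ad-primaries; };   // AXFR/IXFR source; forwarded UPDATEs go here too

    // Relay dynamic updates from these clients to the primaries. The
    // secondary does not evaluate the update itself, so keep this ACL
    // tight: anyone it matches can submit an UPDATE to the AD primary,
    // which then applies its own (secure dynamic update) policy.
    allow-update-forwarding { ad-clients; };

    allow-query    { any; };
    allow-transfer { none; };    // clients never need to pull the zone
};
```

Each AD zone that receives registrations, including the "_" zones and the dynamic reverse zones mentioned above, needs an equivalent stanza. Because update forwarding is unauthenticated on the relay side, the primary's acceptance rules and the ACL above are the only controls on who can change records; a BIND log line recording each forwarded update (`update forwarding` entries in the update category) is the place to watch for unexpected clients.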