Yea, with a caveat. You need to be careful when mixing DNS implementations. We've seen cases where forwarding of dynamic updates breaks because of bugs in one or both implementations. The moral of the story is to test, test, test, then deploy and keep your fingers crossed because there's no accounting for production. Be ready with a contingency plan in case it all comes crashing down around your ears.
Wook
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alex Fontana
Sent: Thursday, January 19, 2006 9:07 PM
To: [email protected]
Subject: RE: [ActiveDir] 3rd party DNS and windows DDNS updates
As I understand it, the client machine queries its primary DNS server for the SOA of the zone that matches the client's primary DNS suffix. It then attempts to register its A/PTR records with the primary for that zone. That said, as long as the client's primary DNS server knows who the SOA for the client's zone is, you should be ok… Yay? Nay?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Thursday, January 19, 2006 6:02 PM
To: [email protected]
Subject: Re: [ActiveDir] 3rd party DNS and windows DDNS updates
Give a little more detail, can you?
What I think you're asking is: if the zone is a third-party hosted zone delegated to AD, but the users are using the third-party host as their primary DNS resolver, would they be able to update their records?
Is that about it?
If that's the case, then I would think not. Why? Because the client must talk directly to the server that is authoritative for the zone so it can write the record.
In most situations, I have always advocated having machines use the servers that host their primary zone for all transactions. This has always resulted in higher availability and lower resolution times when/if issues arise (it's hard to keep admins from doing things, right? ;)
Further, if the client machine is an AD member, it will do better if it is able to register its forward and reverse information. Not for AD necessarily, but for other applications that use DNS. If you're going to delegate the zone to AD anyway, have the clients use the AD DNS and just simplify your design. All your AD DNS servers would then just forward or otherwise allow resolution for other zones, but you wouldn't have a bunch of complex name resolution issues.
Al
On 1/19/06, Chandra Burra <[EMAIL PROTECTED]> wrote:
Hi,
Wanted to know if anyone has tried this or whether this works.
Having a 3rd party DNS with a sub-zone or child zone created for AD, and delegating that zone to Windows DDNS.
Now if the clients are pointing to the 3rd party DNS as their primary DNS, will these clients still be able to register with the dynamic Windows DNS?
Regards,
Chandra Burra
Additionally, I've never seen it work well even though it may be that it's supposed to. To be honest, I never cared what it's supposed to do, because of the amount of confusion it causes and the likelihood that it would break for something that is ridiculous to begin with.
In my opinion, there is no sound reason to tell a client to use a different DNS server than the one that is authoritative for its own primary zone for name services. That's an absurd way to do things that has no technical merit that I have ever seen. Whenever I see a configuration such as this, it is always either a misunderstanding or a politically motivated decision, but never a good one.
Like I said earlier, tell your client to avoid the hassle of a complicated name resolution scheme and instead use DNS the way it was designed to work. You get paid to make those kinds of suggestions ;)
On 1/20/06, Lee, Wook <[EMAIL PROTECTED]> wrote:
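Added example, not part of this thread and not anyone's production code: a small Python model of the registration path Alex describes (the client asks its configured resolver for the zone SOA, then sends the A/PTR update straight to the SOA MNAME). It runs four constructed scenarios with made-up names (example.com, ad.example.com, ns1, dc1, pc1, 10.0.0.5) to show what decides the outcome: whether the third-party resolver actually returns the delegated child zone's SOA, and whether the client can reach the AD DNS server directly, which is Al's "must talk directly to the server that is authoritative" point. Server behaviour here is a simplification and an assumption, not a description of any particular DNS product.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Zone:
    apex: str                 # zone name, e.g. "ad.example.com"
    mname: str                # SOA MNAME: the primary master that takes updates
    accepts_updates: bool     # dynamic update enabled for this zone?
    records: Dict[str, str] = field(default_factory=dict)


class DnsServer:
    """Toy authoritative/recursive server (assumption, not a real resolver).
    `delegations` maps a child zone apex to the server hosting it, standing
    in for the NS/glue records that a real parent zone would carry."""

    def __init__(self, name: str, zones: List[Zone],
                 delegations: Optional[Dict[str, "DnsServer"]] = None):
        self.name = name
        self.zones = {z.apex: z for z in zones}
        self.delegations = delegations or {}

    def soa(self, fqdn: str) -> Optional[Zone]:
        """SOA of the closest enclosing zone for fqdn: strip one label at a
        time, following a delegation when the parent knows about one."""
        labels = fqdn.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.delegations:
                return self.delegations[candidate].soa(fqdn)
            if candidate in self.zones:
                return self.zones[candidate]
        return None

    def dynamic_update(self, zone_apex: str, owner: str, ip: str) -> Tuple[bool, str]:
        """RFC 2136-style update, answered with a rough RCODE name."""
        zone = self.zones.get(zone_apex)
        if zone is None:
            return False, f"NOTAUTH: {self.name} is not authoritative for {zone_apex}"
        if not zone.accepts_updates:
            return False, f"REFUSED: {self.name} does not accept updates for {zone_apex}"
        zone.records[owner] = ip
        return True, f"NOERROR: {owner} -> {ip} written on {self.name}"


def register_client(fqdn: str, ip: str, resolver: DnsServer,
                    reachable: Dict[str, DnsServer]) -> Tuple[bool, str]:
    """Client side of the path described in the thread: SOA lookup through the
    configured resolver, then the update goes directly to the SOA MNAME.
    `reachable` is the set of servers the client can actually talk to."""
    zone = resolver.soa(fqdn)
    if zone is None:
        return False, "SERVFAIL: no SOA found, registration aborted"
    primary = reachable.get(zone.mname)
    if primary is None:
        return False, f"SOA MNAME {zone.mname} is not reachable from the client"
    return primary.dynamic_update(zone.apex, fqdn, ip)


def build_lab(delegated: bool) -> Tuple[DnsServer, DnsServer]:
    """Constructed lab: dc1 (AD DNS) hosts ad.example.com with updates on;
    ns1 (third party) hosts the static parent and may carry the delegation."""
    ad_dns = DnsServer("dc1.ad.example.com",
                       [Zone("ad.example.com", "dc1.ad.example.com", accepts_updates=True)])
    third_party = DnsServer("ns1.example.com",
                            [Zone("example.com", "ns1.example.com", accepts_updates=False)],
                            delegations={"ad.example.com": ad_dns} if delegated else None)
    return third_party, ad_dns


CLIENT, CLIENT_IP = "pc1.ad.example.com", "10.0.0.5"   # constructed client


def scenario_delegated() -> Tuple[bool, str]:
    # Client resolves via ns1, delegation present, dc1 reachable: works.
    ns1, dc1 = build_lab(delegated=True)
    return register_client(CLIENT, CLIENT_IP, ns1, {ns1.name: ns1, dc1.name: dc1})


def scenario_no_delegation() -> Tuple[bool, str]:
    # ns1 answers with the parent SOA, so the update lands on ns1: refused.
    ns1, dc1 = build_lab(delegated=False)
    return register_client(CLIENT, CLIENT_IP, ns1, {ns1.name: ns1, dc1.name: dc1})


def scenario_primary_blocked() -> Tuple[bool, str]:
    # Delegation fine, but the client cannot reach dc1 (e.g. filtered port 53).
    ns1, dc1 = build_lab(delegated=True)
    return register_client(CLIENT, CLIENT_IP, ns1, {ns1.name: ns1})


def scenario_direct_to_ad() -> Tuple[bool, str]:
    # Al's recommendation: the client points straight at the AD DNS server.
    ns1, dc1 = build_lab(delegated=True)
    return register_client(CLIENT, CLIENT_IP, dc1, {dc1.name: dc1})


if __name__ == "__main__":
    for s in (scenario_delegated, scenario_no_delegation,
              scenario_primary_blocked, scenario_direct_to_ad):
        print(f"{s.__name__:24s} {s()[1]}")
```

The model makes Wook's "test, test, test" concrete: the thing to verify on a real client is that an SOA query sent through its configured resolver comes back naming the AD server as MNAME, and that the client has direct UDP/TCP 53 reachability to that MNAME, because the update never goes to the resolver itself. If either check fails, registrations silently end up refused or unanswered.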