You could look at http://www.simplefailover.com/ (never used or tried this – just found it in a Google search)

Or you could look at writing a WMI script yourself to update DDNS as long as you can find some way to trigger it.  In that case http://www.iisfaq.com/Default.aspx?tabid=2986 may be of some assistance.

 

Hope this helps

 

Mike Guest | Capgemini | Sale
Server Support | Outsourcing UK


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: 19 June 2006 15:01
To: [email protected]
Subject: Re: [ActiveDir] DDNS in Unix environment

 

Guy, can we assume that the requirement is to provide the high availability as transparently as possible then?

What is the expectation if the primary site goes away as far as client name res? What is their way of knowing that the server went away and to use a new name (keeping in mind that caching etc is going to take place)?

What does Veritas recommend? (It is their product after all.)

 

Al

 

On 6/17/06, Guy Teverovsky <[EMAIL PROTECTED]> wrote:


Howdy all,

I am banging my head over this trying to come up with a solution for a client.

To make a long story short: a financial organization which is very concerned about security. They are setting up a new network segment that will be serving some application to the internal network (there is a firewall in between). Because of the critical nature of the application, there is a DR site. AD is used for authentication and DNS.
There is a Veritas HA cluster serving the application that will fail over to DR site in case the primary site goes down.
Primary site: 2 DCs with SFU (R2) + Veritas cluster node
DR site: 2 DCs with SFU (R2) + Veritas cluster node.
Primary and DR site are at different physical locations and on different subnets.

The only problem with this setup is that the cluster needs to register its DNS name when failing over to DR site and it does not support secure DDNS. The best thing it can do is T-SIG DDNS with pre-shared key.
Enabling non-secure DDNS is not an option.

I can disable the DNS registration requirement in the cluster resource group, but this has some issues, one of them being the fact that accessing the application at the DR site (from internal LAN) will require using an FQDN different from the FQDN of the primary site.

An alternative would be to somehow enable DDNS only from a predefined set of IP addresses, but from what I know the MS DNS is not capable of it (correct me if I'm wrong).

Switching to BIND presents the same issue: while it can solve the dynamic registration of the cluster service using T-SIG DDNS, non-secure registration of SRV records is not acceptable and I would like to avoid having statically registered SRV records for the DCs.

Not sure whether the solution is in the MS DNS, but there are some knowledgeable folks over here that might have stumbled upon something like this.

Any help is greatly appreciated.

Thanks,
Guy

 
