"McDonald, Dan" <dan.mcdon...@austinenergy.com> replied to my
posting:

I think your root problem is trying to deal with Active Directory
integrated zones.  We stopped using them entirely when we found that
each domain controller maintains an individual SOA record with its own
serial number.  The serial numbers rapidly (and purposely) fall out of
sync, but Active Directory doesn't care as they use a different
replication method.

The only way that we could successfully interact from BIND was to set up
a forward-only zone and try to cache the results.  When we found that
Active Directory under Windows 2000 was unable to maintain proper
synchronization, we switched to BIND for all zones and haven't looked
back.


If you check the list archives (back to the days when there was
bind-users and bind9-users), you will find my postings dealing
with MS article 282826.  MS details the problem with zone
serial numbers, and that is why we run the DNS Server on only
ONE Domain Controller (and have since the beginning of AD in
Windows 2000).  When we run the DNS Server on a second DC
(because the Windows admins want to), I tell BIND that there is
ONE master server.  I do not care what the zone serial number is
on the other DC DNS Server, unless we have to switch masters.
The only times I have switched is when the master DC is being
upgraded, and I switch to another DC as the master.
We have NO machines configured (as far as I know) to use the
DNS Servers on the DC as primary DNS servers; all machines
are configured to use the BIND slaves.

In the early days of AD, there were serial number decreases in
the MS code.  I had an open trouble ticket for a long time before
the MS DNS development team found the problem.  I have not had a
serial number decrease on the MS side for a long time except,
occasionally, when patches are being applied to the DC, the
serial number on one or more zones will decrease during the
patch run, but after the DC is rebooted, the serial number
goes back to a non-decrease normal.

--
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: bsfin...@anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
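
An added example, not part of the original post: a simplified Python model of how a secondary compares SOA serials (RFC 1982 arithmetic), showing why unsynchronized per-DC serials make a single configured master the safer choice and how to flag a serial decrease. The hostnames and serial values are constructed, and the transfer logic is an assumption-level simplification, not BIND's code.

```python
"""Model of SOA serial checks for a secondary polling AD DNS servers (added example)."""

# Constructed observations: (poll number, server, SOA serial). Hostnames are hypothetical.
POLLS = [
    (1, "dc1.example.test", 500), (1, "dc2.example.test", 730),
    (2, "dc1.example.test", 503), (2, "dc2.example.test", 730),
    (3, "dc1.example.test", 498), (3, "dc2.example.test", 731),  # dc1 serial dips
    (4, "dc1.example.test", 504), (4, "dc2.example.test", 731),
]


def serial_lt(a, b):
    """True if serial a is older than b under RFC 1982 32-bit serial arithmetic."""
    diff = (b - a) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


def regressions(polls):
    """Return (poll, server, previous, current) wherever a server's serial moved backwards."""
    last, found = {}, []
    for poll, server, serial in polls:
        if server in last and serial_lt(serial, last[server]):
            found.append((poll, server, last[server], serial))
        last[server] = serial
    return found


def secondary_transfers(polls, masters):
    """Simplified secondary: transfer only when a listed master offers a newer serial."""
    held, log = None, []
    for poll, server, serial in polls:
        if server in masters and (held is None or serial_lt(held, serial)):
            held = serial
            log.append((poll, server, serial))
    return log


if __name__ == "__main__":
    both = {"dc1.example.test", "dc2.example.test"}
    print("regressions:", regressions(POLLS))
    print("one master :", secondary_transfers(POLLS, {"dc1.example.test"}))
    print("two masters:", secondary_transfers(POLLS, both))
```

With both DCs listed, the modelled secondary locks onto the higher serial from dc2 and never pulls dc1's changes at polls 2 and 4; with dc1 alone it follows every increase and only skips the temporary dip.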
