On 08/23/2018 02:15 PM, Grant Taylor via bind-users wrote:
It's my understanding that MS-DNS servers hosting AD Integrated zones are actually functioning as application layer gateways between DNS and data that's stored in LDAP.

My AD Guy confirms that the DNS data for Active Directory Integrated Zones is indeed stored in LDAP and that MS-DNS is acting as an application layer gateway between DNS and LDAP. As such, the multi-master aspect issue is pushed to AD's LDAP implementation.

So the case of synchronizing records with different FQDNs is actually trivial in that different records are being updated in the back end LDAP and the ALG is simply reading the data and replying to clients.

He confirmed that LDAP does support writes to different data on different servers without a problem.

He even indicated that updates for the same FQDN may not be a problem, depending on the operation being done. I.e. multiple inserts for A records will simply merge in LDAP data. The thing he wasn't quite sure of was what would happen if one server deletes an A record and another server enters an A record. He thinks that LDAP will delete the first record which is different and insert the other record.

He also mentioned that it is unlikely that the same FQDN would be modified on two different servers at the same time. As such, LDAP would likely see different FQDNs and simply merge them as part of the raw data.

This is where I wash my hands and decide that I want to NOT get any deeper into AD.



--
Grant. . . .
unix || die
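For anyone who wants to look at what the "raw data" behind an AD-integrated zone actually contains, here is a small decoder for the multi-valued `dnsRecord` attribute that AD stores on each `dnsNode` object. This is an added example, not code from the thread or from Microsoft: the field layout follows the DNS_RPC_RECORD structure in MS-DNSP as I recall it (24-byte header, little-endian fields except the TTL, which is big-endian), the count-prefixed name encoding is my reading of DNS_COUNT_NAME, and every byte value below is constructed for illustration. The Serial and TimeStamp fields are what make it useful when auditing which update of a node won after replication and whether a record is static or subject to aging.

```python
"""Decode dnsRecord attribute values stored on AD dnsNode objects.

Layout assumed (MS-DNSP DNS_RPC_RECORD, from memory, not verified here):
  DataLength(2 LE) Type(2 LE) Version(1) Rank(1) Flags(2 LE) Serial(4 LE)
  TtlSeconds(4 BE) Reserved(4 LE) TimeStamp(4 LE) Data(DataLength bytes)
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address

# RFC 1035 / RFC 3596 type codes handled by this decoder.
DNS_TYPE_A, DNS_TYPE_NS, DNS_TYPE_CNAME, DNS_TYPE_PTR, DNS_TYPE_AAAA = 1, 2, 5, 12, 28
_NAME_TYPES = {DNS_TYPE_NS: "NS", DNS_TYPE_CNAME: "CNAME", DNS_TYPE_PTR: "PTR"}
RECORD_VERSION = 5      # every on-disk dnsRecord value carries version 5
RANK_ZONE = 0xF0        # authoritative zone data


@dataclass
class DnsRecord:
    rtype: str
    data: str
    ttl: int
    serial: int      # zone serial at the time this value was last written
    rank: int
    timestamp: int   # aging timestamp (hours since 1601); 0 means static


def encode_count_name(name: str) -> bytes:
    """DNS_COUNT_NAME (assumed): total-length byte, label-count byte, then
    length-prefixed labels terminated by a zero byte."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    body = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return bytes([len(body), len(labels)]) + body


def _parse_count_name(buf: bytes, off: int) -> str:
    _total, nlabels = buf[off], buf[off + 1]
    pos, labels = off + 2, []
    for _ in range(nlabels):
        ln = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + ln].decode("ascii"))
        pos += 1 + ln
    return ".".join(labels) + "."


def build_dns_record(rtype: int, data: bytes, ttl: int, serial: int,
                     timestamp: int = 0, rank: int = RANK_ZONE) -> bytes:
    """Encoder used only to construct the sample values below."""
    hdr = struct.pack("<HHBBHI", len(data), rtype, RECORD_VERSION, rank, 0, serial)
    return hdr + struct.pack(">I", ttl) + struct.pack("<II", 0, timestamp) + data


def parse_dns_record(raw: bytes) -> DnsRecord:
    data_len, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)          # TTL is network byte order
    _reserved, timestamp = struct.unpack_from("<II", raw, 16)
    if version != RECORD_VERSION:
        raise ValueError(f"unexpected dnsRecord version {version}")
    data = raw[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("truncated dnsRecord data")
    if rtype == DNS_TYPE_A:
        return DnsRecord("A", str(IPv4Address(data)), ttl, serial, rank, timestamp)
    if rtype == DNS_TYPE_AAAA:
        return DnsRecord("AAAA", str(IPv6Address(data)), ttl, serial, rank, timestamp)
    if rtype in _NAME_TYPES:
        return DnsRecord(_NAME_TYPES[rtype], _parse_count_name(data, 0), ttl, serial, rank, timestamp)
    return DnsRecord(f"TYPE{rtype}", data.hex(), ttl, serial, rank, timestamp)


def decode_node(values: list) -> list:
    """Decode all dnsRecord values of one dnsNode, oldest zone serial first,
    so the most recently written value is last."""
    return sorted((parse_dns_record(v) for v in values), key=lambda r: r.serial)


# Constructed sample: three values on one hypothetical dnsNode "host1".
SAMPLE_NODE = [
    build_dns_record(DNS_TYPE_A, IPv4Address("10.0.0.5").packed, 3600, 42),
    build_dns_record(DNS_TYPE_A, IPv4Address("10.0.0.6").packed, 3600, 43, timestamp=3670000),
    build_dns_record(DNS_TYPE_AAAA, IPv6Address("2001:db8::1").packed, 3600, 41),
]

if __name__ == "__main__":
    for rec in decode_node(SAMPLE_NODE):
        aging = "static" if rec.timestamp == 0 else f"aging ts={rec.timestamp}"
        print(f"{rec.rtype:5} {rec.data:20} ttl={rec.ttl} serial={rec.serial} {aging}")
```

On a real domain controller the same bytes come back from an LDAP search for `objectClass=dnsNode` under the `CN=MicrosoftDNS` container of the DomainDnsZones partition; feed each `dnsRecord` value to `parse_dns_record` and compare serials across DCs to see which writer's version replicated last.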

