On Tue, 19 Aug 2003, at 7:04am, [EMAIL PROTECTED] wrote:
> As I mentioned, my experience has been that all dynamic updates seem to be
> processed through the resolving DNS server, rather than direct client to
> SOA.

Reference RFC-2136, "Dynamic Updates in the Domain Name System". Section 3.1, "Process Zone Selection":

"... the ZNAME and ZCLASS are checked to see if the zone so named is one of this server's authority zones, else signal NOTAUTH to the requestor."

In other words, if the DNS server receives a DNS update request for a zone which it is NOT authoritative for, it should return NOTAUTH (not authorized) to the update requestor. So, not only is the resolving DNS server not expected to forward DNS requests, it really should not do so, unless it is also authoritative for the zone in question.

Same section goes on to say, "If the server is a zone slave, the request will be forwarded toward the primary master." That only applies if the server is authoritative, of course.

If the DNS zone is an Active Directory integrated zone, then it should be possible for any DNS server to accept that update, and propagate the changes through AD replication.

Same RFC. Section 4, "Requestor Behavior", subsection 4.1:

"Requestors are expected to know the name of the zone they intend to update and to know or be able to determine the name servers for that zone."

Now, I suppose it is possible MS-DNS does something completely non-standard, and forwards DNS update requests for zones which it is not authoritative for to the authoritative servers. However, that is explicitly not what the RFC says to do, so I would not depend on such behavior.

> I think it's safe to say I have a better than average understanding of
> DNS[1]

From your previous posts alone, I'm pretty confident of that. But we all make mistakes, myself included. If it makes you feel any better, I had to go double-check the RFC myself to be sure *my* understanding was correct, so I figured I might as well post the results. :-)

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
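
The zone selection steps quoted from RFC 2136 section 3.1 in the message above, as an added example that is not part of the original post. It builds a wire-format UPDATE containing only the header and Zone Section and returns the RCODE a server would signal; the zone names, the ZONES table and the function names are assumptions made for illustration.

```python
import struct

OPCODE_UPDATE, TYPE_SOA, CLASS_IN = 5, 6, 1
NOERROR, FORMERR, NOTAUTH = 0, 1, 9   # RCODE values (RFC 1035 / RFC 2136)

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(zone, msg_id=0x1234, ztype=TYPE_SOA):
    """Build an UPDATE message holding only the header and the Zone Section."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", ztype, CLASS_IN)

def parse_zone_section(msg):
    """Return (zocount, zname, ztype, zclass) from a wire-format message."""
    _id, _flags, zocount = struct.unpack("!HHH", msg[:6])
    if zocount != 1:
        return zocount, None, None, None
    labels, pos = [], 12                      # Zone Section follows the 12-byte header
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    ztype, zclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return zocount, ".".join(labels) + ".", ztype, zclass

def select_zone(msg, authority_zones):
    """Apply RFC 2136 3.1 checks; authority_zones maps (zname, zclass) -> role."""
    zocount, zname, ztype, zclass = parse_zone_section(msg)
    if zocount != 1 or ztype != TYPE_SOA:
        return FORMERR, "reject"
    role = authority_zones.get((zname, zclass))
    if role is None:
        return NOTAUTH, "reject"              # a resolver that is not authoritative ends here
    if role == "slave":
        return NOERROR, "forward-to-primary"  # only an authoritative slave forwards
    return NOERROR, "process-locally"

# Constructed sample: zones this hypothetical server is authoritative for.
ZONES = {("corp.example.", CLASS_IN): "primary",
         ("branch.example.", CLASS_IN): "slave"}

if __name__ == "__main__":
    for zone in ("corp.example", "branch.example", "other.example"):
        print(zone, select_zone(build_update(zone), ZONES))
```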
