That actually clears up a lot. I was dealing with the master/slave design, and that seems to work as described. I'll have to find some time to play with DDNS and a sniffer and really see how MS handles it.
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 19, 2003 9:38 AM
> To: NT 2000 Discussions
> Subject: RE: DNS Architecture Question
>
> On Tue, 19 Aug 2003, at 7:04am, [EMAIL PROTECTED] wrote:
> > As I mentioned, my experience has been that all dynamic updates seem to be
> > processed through the resolving DNS server, rather than direct client to
> > SOA.
>
> Reference RFC-2136, "Dynamic Updates in the Domain Name System".
>
> Section 3.1, "Process Zone Selection": "... the ZNAME and ZCLASS are
> checked to see if the zone so named is one of this server's authority zones,
> else signal NOTAUTH to the requestor."
>
> In other words, if the DNS server receives a DNS update request for a zone
> which it is NOT authoritative for, it should return NOTAUTH (not authorized)
> to the update requestor. So, not only is the resolving DNS server not
> expected to forward DNS requests, it really should not do so, unless it is
> also authoritative for the zone in question.
>
> Same section goes on to say, "If the server is a zone slave, the request
> will be forwarded toward the primary master." That only applies if the
> server is authoritative, of course. If the DNS zone is an Active Directory
> integrated zone, then it should be possible for any DNS server to accept
> that update, and propagate the changes through AD replication.
>
> Same RFC. Section 4, "Requestor Behavior", subsection 4.1: "Requestors
> are expected to know the name of the zone they intend to update and to know
> or be able to determine the name servers for that zone."
>
> Now, I suppose it is possible MS-DNS does something completely
> non-standard, and forwards DNS update requests for zones which it is not
> authoritative for to the authoritative servers. However, that is explicitly
> not what the RFC says to do, so I would not depend on such behavior.
>
> > I think it's safe to say I have a better than average understanding of
> > DNS[1]
>
> From your previous posts alone, I'm pretty confident of that. But we all
> make mistakes, myself included. If it makes you feel any better, I had to go
> double-check the RFC myself to be sure *my* understanding was correct, so I
> figured I might as well post the results. :-)
>
> --
> Ben Scott <[EMAIL PROTECTED]>
> | The opinions expressed in this message are those of the author and do  |
> | not represent the views or policy of any other person or organization. |
> | All information is provided without warranty of any kind.              |
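
The RFC 2136 section 3.1 zone selection quoted in the thread, as an added example that is not part of the original messages or of any DNS server's code: it parses the Zone Section of an UPDATE message and returns the outcome a compliant server would choose. The helper names, zone names and the primary's address are constructed for illustration, and the sketch assumes class IN and an uncompressed ZNAME.

```python
import struct

OPCODE_UPDATE, TYPE_SOA, CLASS_IN = 5, 6, 1
FORMERR, NOTAUTH = 1, 9  # RCODE values used by RFC 2136 section 3.1

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(zname, ztype=TYPE_SOA):
    """Constructed sample input: UPDATE header plus Zone Section, no update RRs."""
    header = struct.pack("!HHHHHH", 0x1234, OPCODE_UPDATE << 11, 1, 0, 0, 0)
    return header + encode_name(zname) + struct.pack("!HH", ztype, CLASS_IN)

def parse_zone_section(msg):
    """Return (zocount, zname, ztype, zclass) from an UPDATE message."""
    _id, flags, zocount, _pr, _up, _ad = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not an UPDATE message")
    if zocount != 1:
        return zocount, None, None, None
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed ZNAME not handled in this sketch")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    ztype, zclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return zocount, ".".join(labels) + ".", ztype, zclass

def select_zone(msg, zones):
    """zones maps zone name -> ("master", None) or ("slave", primary_address)."""
    zocount, zname, ztype, zclass = parse_zone_section(msg)
    if zocount != 1 or ztype != TYPE_SOA:
        return ("reject", FORMERR)      # 3.1.1: exactly one zone RR of type SOA
    if zclass != CLASS_IN or zname not in zones:
        return ("reject", NOTAUTH)      # 3.1.2: not one of this server's zones
    role, primary = zones[zname]
    if role == "slave":
        return ("forward", primary)     # slave forwards toward the primary master
    return ("process", zname)

# Hypothetical server configuration (zone names and address are constructed).
ZONES = {"corp.example.": ("master", None),
         "branch.example.": ("slave", "192.0.2.53")}
```

A resolver that is not authoritative for the zone falls into the NOTAUTH branch, which is the behavior a sniffer trace of a dynamic update can be compared against.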
