Bind dlz(mysql) with SRV Record

2010-07-27 Thread ShanyiWan
How do I store SRV records in the database (mysql)?

Can PRI, weight, port and target be stored in the data field?
mysql> select zone,host,type,data from dns_records where zone='zzz.cn' and type='srv';
+--------+------------+------+-------------------------+
| zone   | host       | type | data                    |
+--------+------------+------+-------------------------+
| zzz.cn | _ldap._tcp | SRV  | 5 30 5060 ldap2.zzz.cn. |
| zzz.cn | _ldap._tcp | SRV  | 10 30 5060 ldap.zzz.cn. |
+--------+------------+------+-------------------------+
2 rows in set (0.00 sec)

C:\Users\Administrator>nslookup
默认服务器:  google-public-dns-a.google.com
Address:  8.8.8.8

> server 192.168.146.155
默认服务器:  [192.168.146.155]
Address:  192.168.146.155   
> set type=srv
> _ldap._tcp.zzz.cn
服务器:  [192.168.146.155]
Address:  192.168.146.155

_ldap._tcp.zzz.cn   SRV service location:
  priority   = 5
  weight = 30
  port   = 5060
  svr hostname   = ldap2.zzz.cn
zzz.cn  nameserver = ns2.mynameserver.com
zzz.cn  nameserver = ns1.mynameserver.com
> _ldap._tcp.zzz.cn
服务器:  [192.168.146.155]
Address:  192.168.146.155

_ldap._tcp.zzz.cn   SRV service location:
  priority   = 10
  weight = 30
  port   = 5060
  svr hostname   = ldap.zzz.cn
_ldap._tcp.zzz.cn   SRV service location:
  priority   = 5
  weight = 30
  port   = 5060
  svr hostname   = ldap2.zzz.cn
zzz.cn  nameserver = ns1.mynameserver.com
zzz.cn  nameserver = ns2.mynameserver.com

C:\Users\Administrator>dig @192.168.146.155 _ldap._tcp.zzz.cn srv

; <<>> DiG 9.3.2 <<>> @192.168.146.155 _ldap._tcp.zzz.cn srv
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1656
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;_ldap._tcp.zzz.cn. IN  SRV

;; ANSWER SECTION:
_ldap._tcp.zzz.cn.  0   IN  SRV 10 30 5060 ldap.zzz.cn.
_ldap._tcp.zzz.cn.  0   IN  SRV 5 30 5060 ldap2.zzz.cn.

;; AUTHORITY SECTION:
zzz.cn. 0   IN  NS  ns1.mynameserver.com.
zzz.cn. 0   IN  NS  ns2.mynameserver.com.

;; Query time: 49 msec
;; SERVER: 192.168.146.155#53(192.168.146.155)
;; WHEN: Tue Jul 27 14:38:34 2010
;; MSG SIZE  rcvd: 145



Is this correct?

--
ShanyiWan
2010-07-27
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
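The two rows above read back out of a copy of that table, as an added Python example that is not part of the original post: it checks the four space-separated fields the data column has to carry (priority, weight, port, and the target as a fully qualified name) and orders the answers the way an RFC 2782 client would. The table is rebuilt in sqlite3 for the demo; the column names follow the post, everything else is assumed.

```python
import sqlite3
from dataclasses import dataclass

@dataclass(frozen=True)
class SRV:
    name: str
    priority: int
    weight: int
    port: int
    target: str

def parse_srv_data(name: str, data: str) -> SRV:
    """Parse a dns_records.data value holding SRV RDATA in presentation
    form, '<priority> <weight> <port> <target>', as the rows above do."""
    fields = data.split()
    if len(fields) != 4:
        raise ValueError(f"SRV data needs 4 fields, got {data!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    for value in (priority, weight, port):
        if not 0 <= value <= 65535:   # all three are 16-bit on the wire
            raise ValueError(f"out-of-range SRV field in {data!r}")
    target = fields[3]
    if not target.endswith("."):      # a relative target gets mis-qualified
        raise ValueError(f"target must be fully qualified: {target!r}")
    return SRV(name, priority, weight, port, target)

def load_srv(conn: sqlite3.Connection, zone: str, host: str) -> list:
    """Fetch and validate every SRV row for one owner name."""
    # mysql matches type='srv' case-insensitively; sqlite does not, so use 'SRV'.
    rows = conn.execute(
        "SELECT host, data FROM dns_records WHERE zone=? AND host=? AND type='SRV'",
        (zone, host))
    return [parse_srv_data(f"{h}.{zone}.", d) for h, d in rows]

def client_order(records: list) -> list:
    """RFC 2782 selection order: lowest priority first. Within one priority a
    client picks at random in proportion to weight; this stand-in sorts by
    weight descending so the result is deterministic."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))

def demo_db() -> sqlite3.Connection:
    """Constructed copy of the two rows shown in the mysql output."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dns_records(zone TEXT, host TEXT, type TEXT, data TEXT)")
    conn.executemany("INSERT INTO dns_records VALUES (?,?,?,?)", [
        ("zzz.cn", "_ldap._tcp", "SRV", "5 30 5060 ldap2.zzz.cn."),
        ("zzz.cn", "_ldap._tcp", "SRV", "10 30 5060 ldap.zzz.cn."),
    ])
    return conn
```

The dig answer above also carries a TTL of 0, so resolvers will not cache these records; that is worth checking alongside the data format.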

Re: BIND integration with windows DNS

2010-07-27 Thread Phil Mayers

On 07/27/2010 07:10 AM, Arnoud Tijssen wrote:

> I'm facing kind of a challenge. At the moment we have BIND and
> windows DNS within our corporate network.
>
> I would like to get rid of windows DNS and switch completely over to
> BIND, but since DNS is so intertwined with AD this is not an option
> since it probably introduces more problems than it solves

You can do it. We run a large AD domain with DNS completely on bind.

> So my next option was to delegate all the windows specific subdomains
> (i.e. _tcp.example.com, _udp.example.com, _sites.example.com,
> _msdcs.example.com etc.) to windows DNS for dynamic updates and let

You can run these on bind too (we do). Since updates to these special
zones are by AD controllers only, you can use IP-based update policies.
Obviously this is less secure.

Recent versions of bind also have GSSAPI (secure update) support. It
seems pretty sparsely documented though.

> the main domain, .example.com, reside on BIND. After setting up BIND
> and windows DNS and removing the main domain entry from the windows
> DNS servers, leaving only the windows specific subdomains, and
> pointing the dns resolvers of windows to the BIND servers the windows
> clients were unable to register themselves within DNS and AD
> properly. It seems the clients register themselves in the main zone
> file of the domain, which resides on BIND.

Yes. This is windows default behaviour. You can turn this off in group
policy, or again, recent versions of bind support GSSAPI and you can have
the clients do secure update. The problem is that bind does not have the
garbage collection support that windows DNS does for client registrations.

> Since I don't want all dynamic updates from windows clients polluting
> my main zone file, but still want one primary DNS serving the main
> domain instead of two, BIND and windows, what is the best option
> if there is one.

Sorry - I don't follow. You say you don't want windows clients updating
the zone, and they're not. So what's the problem (i.e. what have I
misunderstood)?

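The two update paths Phil describes, IP-based for a zone only domain controllers write to and GSS-TSIG for client self-registration, as an added named.conf sketch that is not from the thread. Zone names, addresses, the realm and the keytab principal are assumed placeholders; the update-policy syntax is the GSS-TSIG form BIND 9.7 and later accept.

```conf
// Added example, assumed values: zone example.com, AD realm EXAMPLE.COM,
// domain controllers 10.0.0.10 and 10.0.0.11, named's own principal below.
acl dc-servers { 10.0.0.10; 10.0.0.11; };

options {
    // GSS-TSIG: named authenticates with this principal (read from its keytab)
    // and verifies the Kerberos ticket each Windows client presents over TKEY.
    tkey-gssapi-credential "DNS/ns1.example.com@EXAMPLE.COM";
    tkey-domain "EXAMPLE.COM";
};

// DC-only zone, IP-based policy: anything that can send from a DC address
// may rewrite the zone, which is the "less secure" trade-off noted above.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { dc-servers; };
};

// Main zone, secure update: a machine account host$@EXAMPLE.COM may change
// only the A/AAAA records of host.example.com, so one client cannot
// overwrite another host's name. The "." name field is the placeholder
// ms-self expects.
zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    update-policy {
        grant EXAMPLE.COM ms-self . A AAAA;
    };
};
```

Clients still need the resolver pointed at this server and secure-only update enabled; the garbage-collection gap Phil mentions remains either way, so stale client records have to be expired by something outside named.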


Re: BIND integration with windows DNS

2010-07-27 Thread Kalman Feher



On 27/07/10 8:10 AM, Arnoud Tijssen atijs...@ram.nl wrote:

> I'm facing kind of a challenge. At the moment we have BIND and windows DNS
> within our corporate network.
>
> I would like to get rid of windows DNS and switch completely over to BIND, but
> since DNS is so intertwined with AD this is not an option since it probably
> introduces more problems than it solves
>
> So my next option was to delegate all the windows specific subdomains (i.e.
> _tcp.example.com, _udp.example.com, _sites.example.com, _msdcs.example.com
> etc.) to windows DNS for dynamic updates and let the main domain,
> .example.com, reside on BIND. After setting up BIND and windows DNS and
> removing the main domain entry from the windows DNS servers, leaving only the
> windows specific subdomains, and pointing the dns resolvers of windows to the
> BIND servers the windows clients were unable to register themselves within DNS
> and AD properly. It seems the clients register themselves in the main zone
> file of the domain, which resides on BIND.
>
> Since I don't want all dynamic updates from windows clients polluting my main
> zone file, but still want one primary DNS serving the main domain instead of
> two, BIND and windows, what is the best option if there is one.

Create a subdomain for your clients and delegate it to the Windows servers,
who will then receive the updates.

> Any advice would greatly be appreciated.
>
> Cheers,
> Arnoud

-- 
Kal Feher 



Re: BIND integration with windows DNS

2010-07-27 Thread Phil Mayers

On 07/27/2010 08:17 AM, Kalman Feher wrote:

>> Since I don't want all dynamic updates from windows clients polluting my main
>> zone file, but still want one primary DNS serving the main domain instead of
>> two, BIND and windows, what is the best option if there is one.
>
> Create a subdomain for your clients and delegate it to the Windows servers,
> who will then receive the updates.

This will work, but IIRC it requires changing the primary DNS suffix
on all the clients (a reboot operation)? I must admit I don't know if
the clients will instead use a different domain returned in DHCP option 81.

There is also then the issue of the msDS-AllowedDNSSuffixes value on the
domain container, if you want the AD objects to have correct dNSHostName
value (although Samba seems to be able to update this just fine...)

Basically, Microsoft made this much harder than it needs to be (for
obvious reasons)



RE: BIND integration with windows DNS

2010-07-27 Thread Arnoud Tijssen
From previous mail;

>> Since I don't want all dynamic updates from windows clients polluting
>> my main zone file, but still want one primary DNS serving the main
>> domain instead of two, BIND and windows, what is the best option
>> if there is one.
>
> Sorry - I don't follow. You say you don't want windows clients updating
> the zone, and they're not. So what's the problem (i.e. what have I
> misunderstood)?

The problem is that I want a clean zonefile, since it gets synchronized to our
slave server, which gets used by the outside world.
But I do want the clients to register themselves in DNS. We use DHCP for most
of the desktop systems internally and for troubleshooting it is very
convenient to be able to deduce which client system belongs to which ip address.
Therefore I tried to delegate all of the windows specific subdomains to windows
DNS and put a forward on BIND for these subdomains, but unfortunately that
doesn't work.

So basically I would like to have all of it reside on our BIND master and slave
servers and be able to let windows clients update the dns dynamically,
preferably securely, without polluting the zonefile with all of the extra data
produced by the clients.

Is there a tutorial somewhere on how to implement what you are suggesting?

Thnx,
Arnoud








Re: BIND integration with windows DNS

2010-07-27 Thread Phil Mayers

On 07/27/2010 08:31 AM, Arnoud Tijssen wrote:

> From previous mail;
>
>>> Since I don't want all dynamic updates from windows clients
>>> polluting my main zone file, but still want one primary DNS serving
>>> the main domain instead of two, BIND and windows, what is the
>>> best option if there is one.
>>
>> Sorry - I don't follow. You say you don't want windows clients
>> updating the zone, and they're not. So what's the problem (i.e. what
>> have I misunderstood)?
>
> The problem is that I want a clean zonefile, since it gets
> synchronized to our slave server, which gets used by the outside
> world. But I do want the clients to register themselves in DNS. We
> use DHCP for most of the desktop systems internally and for
> troubleshooting it is very convenient to be able to deduce which
> client system belongs to which ip address. Therefore I tried to
> delegate all of the windows specific subdomains to windows DNS and
> put a forward on BIND for these subdomains, but unfortunately that
> doesn't work.
>
> So basically I would like to have all of it reside on our BIND master
> and slave servers and be able to let windows clients update the dns
> dynamically, preferably securely, without polluting the zonefile with
> all of the extra data produced by the clients.

Ok, I see. In that case you have several options:

 1. Move the clients into a sub-domain as suggested by the other poster
and allow them to make dynamic updates. I am pretty sure this requires
reconfiguring the clients

 2. On your DHCP server, use DHCP option 81 to tell the clients you are
overriding their choice, and that the DHCP server will update the names.
Then, ignore the client-supplied names and use names in a sub-domain.
This will require you have MAC address -> name mappings, and a DHCP
server that can do this (which basically means ISC DHCPd)

 3. Alternatively you could run split DNS - have two separate copies of
the zone, one which the external world sees and one which the internal
one sees, only allowing DNS updates to the latter. You'll then have to
have some way to sync the common names, and it could get complex.

> Is there a tutorial somewhere on how to implement what you are
> suggesting?

Much of the needed info is either out-of-date, fragmented or plain wrong
I'm afraid. I've spent quite a bit of time looking into this at one
point, and kept coming back to the same old HOWTOs and half-baked
microsoft KB articles :o(

This is somewhat useful:

http://support.microsoft.com/kb/816592



Re: Multiple masters expected behavior?

2010-07-27 Thread Peter Laws

On 07/26/10 23:02, Barry Margolin wrote:

> In article <mailman.100.1280077153.15649.bind-us...@lists.isc.org>,
>  Laws, Peter C. <pl...@ou.edu> wrote:
>
>> Understood, but what I'm asking about is that the slave does not appear to be
>> losing contact with the first-listed master.  In fact, from the logs, it
>> appears to be flipping back and forth (though not round-robinning).
>
> Multiple masters is not about losing contact, it's about getting the
> most up-to-date version of the zone.  There's no reason for the slave to

A HA!  So the answer to my original question, after all this, is Yes
(this is expected behavior).

Thanks.


--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
pl...@ou.edu
---
Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you!