Re: Dynamic zone vs static records
Hi,

As you pointed out, it may be a convenient approach.

Thank you for the advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Office no. 4.29
Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France
01 81 70 10 78
jerome.becot @inalco.fr
http://www.inalco.fr/

From: "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com>
To: "bind-users" <bind-users@lists.isc.org>
Sent: Thursday 3 May 2018 20:42:59
Subject: RE: Dynamic zone vs static records

“We are aware that we should not mix the plain text configuration with these dynamic records (and use a subdomain instead)”

So, why don’t you do that? As far as I know, Domain Controllers still only maintain SRV records, so the “underscore zones” approach should still work. Make _tcp.example.com, _udp.example.com, _msdcs.example.com, etc. separate subzones, with Dynamic Updates allowed (for the Domain Controllers to add/delete/refresh their SRV records), and have the main zone (example.com) maintained by FusionDirectory.

No need to get fancy with LDAP backends…

- Kevin

From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Jérôme BECOT
Sent: Wednesday, May 02, 2018 9:49 AM
To: bind-users@lists.isc.org
Subject: Dynamic zone vs static records

Hello,

We are managing our DNS zone within LDAP through a 3rd party editor (FusionDirectory). This software is configured to export the LDAP configuration to plain text zone files, updated on the master (and a zone reload is made by the software by calling rndc).

If we make this zone dynamic we have a serial issue because each server (Active Directory) dynamically updating the zone increments the serial, which does not update the LDAP. Refreshing the zone via FusionDirectory does not work as the generated serial is lower. We are aware that we should not mix the plain text configuration with these dynamic records (and use a subdomain instead).

As we want to edit the zone in LDAP and we would like to make the AD servers autoregister their record in the zone, would using bind with the LDAP backend allow us to do so? (FusionDirectory can be configured as a simple LDAP editor without pushing text config.)

Let me know if my question is odd or lacking information.

Thank you for your further advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Office no. 4.29
Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France
01 81 70 10 78
jerome.be...@inalco.fr
http://www.inalco.fr/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Dynamic zone vs static records
On 05/03/2018 12:42 PM, Darcy Kevin (FCA) wrote:
> As far as I know, Domain Controllers still only maintain SRV records

DCs, likely all member servers, and possibly all workstations (or the DHCP server on their behalf) will try to register A / and PTR records too.

Also, updates to the AD sub-domains should be infrequent. Updates to A / / PTR may be more frequent.

--
Grant. . . .
unix || die
RE: Dynamic zone vs static records
“We are aware that we should not mix the plain text configuration with these dynamic records (and use a subdomain instead)”

So, why don’t you do that? As far as I know, Domain Controllers still only maintain SRV records, so the “underscore zones” approach should still work. Make _tcp.example.com, _udp.example.com, _msdcs.example.com, etc. separate subzones, with Dynamic Updates allowed (for the Domain Controllers to add/delete/refresh their SRV records), and have the main zone (example.com) maintained by FusionDirectory.

No need to get fancy with LDAP backends…

- Kevin

From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Jérôme BECOT
Sent: Wednesday, May 02, 2018 9:49 AM
To: bind-users@lists.isc.org
Subject: Dynamic zone vs static records

Hello,

We are managing our DNS zone within LDAP through a 3rd party editor (FusionDirectory). This software is configured to export the LDAP configuration to plain text zone files, updated on the master (and a zone reload is made by the software by calling rndc).

If we make this zone dynamic we have a serial issue because each server (Active Directory) dynamically updating the zone increments the serial, which does not update the LDAP. Refreshing the zone via FusionDirectory does not work as the generated serial is lower. We are aware that we should not mix the plain text configuration with these dynamic records (and use a subdomain instead).

As we want to edit the zone in LDAP and we would like to make the AD servers autoregister their record in the zone, would using bind with the LDAP backend allow us to do so? (FusionDirectory can be configured as a simple LDAP editor without pushing text config.)

Let me know if my question is odd or lacking information.

Thank you for your further advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Office no. 4.29
Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France
01 81 70 10 78
jerome.be...@inalco.fr
www.inalco.fr
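The split Kevin describes, written out as a `named.conf` fragment (an added example, not part of the original posts). The ACL addresses, file paths and the `ns1.example.com` name server are assumptions.

```conf
// named.conf fragment, constructed for illustration. Zone names come from the
// thread; the ACL addresses, file paths and ns1 host name are assumptions.

acl "domain-controllers" {
    192.0.2.10;     // assumed DC address (documentation range)
    192.0.2.11;     // assumed DC address
};

// Parent zone: written by the FusionDirectory export and reloaded with rndc.
// Dynamic updates stay off, so the exported serial is the only serial.
zone "example.com" {
    type master;
    file "static/example.com.zone";
    allow-update { none; };
};

// Dynamic subzones: named owns these files and their .jnl journals.
// Run "rndc freeze <zone>" before any manual edit and "rndc thaw <zone>" after.
// An address ACL only checks the source IP of the update; where the DCs can
// use GSS-TSIG, an update-policy tied to their Kerberos identity is stronger.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.zone";
    allow-update { "domain-controllers"; };
};

zone "_tcp.example.com" {
    type master;
    file "dynamic/_tcp.example.com.zone";
    allow-update { "domain-controllers"; };
};

zone "_udp.example.com" {
    type master;
    file "dynamic/_udp.example.com.zone";
    allow-update { "domain-controllers"; };
};

// Delegations to add to the static example.com zone file (same server here):
//   _msdcs  IN NS  ns1.example.com.
//   _tcp    IN NS  ns1.example.com.
//   _udp    IN NS  ns1.example.com.
```

The A registrations Grant mentions target example.com itself, which accepts no updates in this layout, so they are refused.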
Dynamic zone vs static records
Hello,

We are managing our DNS zone within LDAP through a 3rd party editor (FusionDirectory). This software is configured to export the LDAP configuration to plain text zone files, updated on the master (and a zone reload is made by the software by calling rndc).

If we make this zone dynamic we have a serial issue because each server (Active Directory) dynamically updating the zone increments the serial, which does not update the LDAP. Refreshing the zone via FusionDirectory does not work as the generated serial is lower. We are aware that we should not mix the plain text configuration with these dynamic records (and use a subdomain instead).

As we want to edit the zone in LDAP and we would like to make the AD servers autoregister their record in the zone, would using bind with the LDAP backend allow us to do so? (FusionDirectory can be configured as a simple LDAP editor without pushing text config.)

Let me know if my question is odd or lacking information.

Thank you for your further advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Office no. 4.29
Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France
01 81 70 10 78
jerome.becot @inalco.fr
http://www.inalco.fr/