Re: Dynamic zone vs static records

2018-05-07 Thread Jérôme BECOT
Hi, 

As you pointed out, it may be a convenient approach. 

Thank you for the advice. 

JEROME BECOT 
Systems and Network Engineer
DSIRN 
Bureau n°4.29 
Institut national des langues et civilisations orientales 
65 rue des Grands Moulins 
Paris 75013, France 

01 81 70 10 78 
jerome.becot @inalco.fr 
www.inalco.fr


From: "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com>
To: "bind-users" <bind-users@lists.isc.org>
Sent: Thursday, 3 May 2018 20:42:59
Subject: RE: Dynamic zone vs static records

“We are aware that we should not mix the plain text configuration with these
dynamic records (and use a subdomain instead)”

So, why don’t you do that? As far as I know, Domain Controllers still only
maintain SRV records, so the “underscore zones” approach should still work.
Make _tcp.example.com, _udp.example.com, _msdcs.example.com, etc. separate
subzones, with Dynamic Updates allowed (for the Domain Controllers to
add/delete/refresh their SRV records), and have the main zone (example.com)
maintained by FusionDirectory. No need to get fancy with LDAP backends…

- Kevin

From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Jérôme BECOT 
Sent: Wednesday, May 02, 2018 9:49 AM 
To: bind-users@lists.isc.org 
Subject: Dynamic zone vs static records

Hello,

We are managing our DNS zone within LDAP through a 3rd party editor
(FusionDirectory). This software is configured to export the LDAP configuration
to plain text zone files, updated on the master (and a zone reload is made by
the software by calling rndc).

If we make this zone dynamic we have a serial issue because each server (Active
Directory) dynamically updating the zone increments the serial which does not
update the LDAP. Refreshing the zone via FusionDirectory does not work as the
generated serial is lower.

We are aware that we should not mix the plain text configuration with these
dynamic records (and use a subdomain instead). As we want to edit the zone in
LDAP and we would like to make the AD servers autoregister their record in the
zone, would using bind with the LDAP backend allow us to do so?
(FusionDirectory can be configured as a simple LDAP editor without pushing text
config).

Let me know if my question is odd or lacking information.

Thank you for your further advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Bureau n°4.29

Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France

01 81 70 10 78
jerome.be...@inalco.fr
www.inalco.fr

___ 
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list 

bind-users mailing list 
bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users 


Re: Dynamic zone vs static records

2018-05-03 Thread Grant Taylor via bind-users

On 05/03/2018 12:42 PM, Darcy Kevin (FCA) wrote:

> As far as I know, Domain Controllers still only maintain SRV records


DCs, likely all member servers, and possibly all workstations (or the 
DHCP server on their behalf) will try to register A /  and PTR 
records too.


Also, updates to the AD sub-domains should be infrequent.  Updates to A 
/  / PTR may be more frequent.




--
Grant. . . .
unix || die





RE: Dynamic zone vs static records

2018-05-03 Thread Darcy Kevin (FCA)

“We are aware that we should not mix the plain text configuration with these 
dynamic records (and use a subdomain instead)”

So, why don’t you do that? As far as I know, Domain Controllers still only 
maintain SRV records, so the “underscore zones” approach should still work. 
Make _tcp.example.com, _udp.example.com, _msdcs.example.com, etc. separate 
subzones, with Dynamic Updates allowed (for the Domain Controllers to 
add/delete/refresh their SRV records), and have the main zone (example.com) 
maintained by FusionDirectory. No need to get fancy with LDAP backends…




- Kevin


From: bind-users  On Behalf Of Jérôme BECOT
Sent: Wednesday, May 02, 2018 9:49 AM
To: bind-users@lists.isc.org
Subject: Dynamic zone vs static records

Hello,

We are managing our DNS zone within LDAP through a 3rd party editor 
(FusionDirectory). This software is configured to export the LDAP configuration 
to plain text zone files, updated on the master (and a zone reload is made by 
the software by calling rndc).

If we make this zone dynamic we have a serial issue because each server (Active
Directory) dynamically updating the zone increments the serial which does not
update the LDAP. Refreshing the zone via FusionDirectory does not work as the
generated serial is lower.

We are aware that we should not mix the plain text configuration with these
dynamic records (and use a subdomain instead). As we want to edit the zone in
LDAP and we would like to make the AD servers autoregister their record in the
zone, would using bind with the LDAP backend allow us to do so?
(FusionDirectory can be configured as a simple LDAP editor without pushing text
config).

Let me know if my question is odd or lacking information.

Thank you for your further advice.

JEROME BECOT
Systems and Network Engineer
DSIRN
Bureau n°4.29

Institut national des langues et civilisations orientales
65 rue des Grands Moulins
Paris 75013, France

01 81 70 10 78
jerome.be...@inalco.fr
www.inalco.fr
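
The split Kevin describes, sketched as a named.conf fragment. This is an added example, not configuration posted by anyone in the thread; the ACL name, the 192.0.2.x addresses and the file paths are placeholders.

```conf
// Constructed example: ACL name, addresses and paths are placeholders.
acl "domain-controllers" {
    192.0.2.10;    // dc1 (placeholder address)
    192.0.2.11;    // dc2 (placeholder address)
};

// Parent zone: static. The file is regenerated by the FusionDirectory
// export and reloaded with rndc, so the exporter is the only writer and
// the only source of the serial. Its zone file must carry NS records
// delegating each underscore subzone below.
zone "example.com" {
    type master;
    file "/etc/bind/zones/example.com.db";
    allow-update { none; };
};

// Underscore subzones: dynamic, written only by the domain controllers.
// named owns these files and their journals and increments their serials;
// the export never touches them. Each file needs its own SOA and NS.
// An address ACL only checks the source IP. Where the clients can sign
// their updates (TSIG or GSS-TSIG), an update-policy grant tied to the
// key is the tighter control.
zone "_msdcs.example.com" {
    type master;
    file "/var/lib/bind/dynamic/_msdcs.example.com.db";
    allow-update { "domain-controllers"; };
};

zone "_tcp.example.com" {
    type master;
    file "/var/lib/bind/dynamic/_tcp.example.com.db";
    allow-update { "domain-controllers"; };
};

zone "_udp.example.com" {
    type master;
    file "/var/lib/bind/dynamic/_udp.example.com.db";
    allow-update { "domain-controllers"; };
};
```

With this layout, updates addressed to example.com itself, such as the host address registrations Grant mentions, are refused instead of being merged into the exported file.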