[trep]

Hi,

Besides the point of having DNS in a database and replicated automatically between the sites, is there a point to use AD Integrated DNS ? I would tend to not use this kind of configuration in a multi-site environment to prevent corruption of the DNS database. Autorizing zone transfer between the sites and having a copy on each sites looks to be the same to me, so maybe somebody could give the pros/cons about this ?

Best regards,

trep

[Killerbe]

The pro is how it is replicated, as it uses the same replication model as AD.
If you not use AD integrated, than replication will run along side and thus creating more overhead. Also each time an update occur the whole dns zone will be replicated to the other dns server, while in a ad integrated only updated or new objects are replicated.

[Garen]

Is there a point to NOT use AD integreated? It's not like AD going corrupt is a common thing.

[Akila]

Quote:

Originally Posted by trep

Hi,

Besides the point of having DNS in a database and replicated automatically between the sites, is there a point to use AD Integrated DNS ? I would tend to not use this kind of configuration in a multi-site environment to prevent corruption of the DNS database. Autorizing zone transfer between the sites and having a copy on each sites looks to be the same to me, so maybe somebody could give the pros/cons about this ?

Best regards,

trep

yes there is a point for DNS Integration besides replication.
1) Multiple Primary DNS. if it would not be AD integrated you have only One Primary and the rest are secondary DNS, how would the clients/servers on remote site register themselves in the DNS (A record)? they sure can't do it on a socandary DNS , and if you point them to use the Primary DNS then why bother making Secondaries in the 1st place.

2) Primary/Secondary method means replication of DNS records are in the Method of "Zone Transfer" meaning every new record or a change that is made on the Primary it would replicated the entire zone to the Secondary (that is why it's called a "zone transfer"), waist of bandwidth to replicate the entire zone for every change, when it is in the AD only the record would be transferred to the DNS .

As far as corruption goes i don't see the point , a dns corruption could also take place when it is not in the AD,
(dns also has a DataBase File you know), if you wish you could export the zone to a file using dnscmd regardless is it's in the AD or not.
you could always then Import it back whenever you want (in case of corruption).

[guyt]

Quote:

Originally Posted by Akila

how would the clients/servers on remote site register themselves in the DNS (A record)? they sure can't do it on a socandary DNS , and if you point them to use the Primary DNS then why bother making Secondaries in the 1st place.

If you use Primary/Secondary model and point the client to a DNS server holding a secondary zone, the DDNS request will be relayed to Primary DNS and will succeed (if allowed)

Quote:

Originally Posted by Akila

Primary/Secondary method means replication of DNS records are in the Method of "Zone Transfer" meaning every new record or a change that is made on the Primary it would replicated the entire zone to the Secondary (that is why it's called a "zone transfer"), waist of bandwidth to replicate the entire zone for every change, when it is in the AD only the record would be transferred to the DNS .

BIND supports incremental zone transfers (IXFR - implementation of RFC1995): http://www.isc.org/sw/bind/arm93/Bv9...zone_transfers. Have never tested this on other DNS servers, but I'd expect that any enterprise level DNS would support this feature.

MS DNS starting with W2K supports RFC1995, which defines the Incremental Zone Transfers protocol.

[guyt]

What kind of corruption are you expecting? I can see many other reasons to not use AD integrated zones, but I would not put data corruption into the list.

[Akila]

Quote:

Originally Posted by guyt

If you use Primary/Secondary model and point the client to a DNS server holding a secondary zone, the DDNS request will be relayed to Primary DNS and will succeed (if allowed)

did not know that, thanks for the heads up

Quote:

Originally Posted by guyt

BIND supports incremental zone transfers (IXFR - implementation of RFC1995): http://www.isc.org/sw/bind/arm93/Bv9...zone_transfers. Have never tested this on other DNS servers, but I'd expect that any enterprise level DNS would support this feature.

MS DNS starting with W2K supports RFC1995, which defines the Incremental Zone Transfers protocol.

I queued exactly what "Yaniv wineberg" (ADRAP Engineer) told us , so it must be that the Entier Zone is replicated rather then a Incremental Replication.
I am sure he knows what he is talking about, correct me if I am wrong.
BTW - if you look and the DNS Eventlog you would see that it actually transferred the Zone on an Update.

[guyt]

Quote:

Originally Posted by Akila

I queued exactly what "Yaniv wineberg" (ADRAP Engineer) told us , so it must be that the Entier Zone is replicated rather then a Incremental Replication.
I am sure he knows what he is talking about, correct me if I am wrong.
BTW - if you look and the DNS Eventlog you would see that it actually transferred the Zone on an Update.

If there is something I have learned during the years spent in consulting, it is the fact that even greatest and brightest can be sometimes wrong, misunderstood or misinterpreted.

Take a look at technet: http://technet.microsoft.com/en-us/l...on124121120120
And scroll down a bit for a section on "Incremental Zone Transfer" and IXFR.

The default BIND settings, when configured as master or slave for a zone, would indeed make the whole zone be transfered, but turning on IXFR on the BIND side would solve the issue.

Transfer zone on Update is about NOTIFY packets - this does not necessary mean how the zone will be transfered - Primary can notify the SLAVE to initiate zone transfer. How the zone is transfered is up to the configuration in place.

Update: There is even a KB describing issues with IXFR/AXFR when mixing BIND with MS DNS: http://support.microsoft.com/kb/912233

[Akila]

You always learn new thing