In message <b07d01c0-86c2-45e6-ac8e-6fc3472d9...@menandmice.com>, Chris Buxton writes: > On Nov 17, 2009, at 5:01 PM, <jim.siffe...@tektronix.com> <jim.siffe...@tektr > onix.com> wrote: > > > Hi all, > > > > Most of our internal DNS zones are mastered in Microsoft DNS (2k3 R2) as AD > Integrated zones. Currently, those zones are slaved from a single MS DNS se > rver to our BIND 9 servers that handle recursion. Is there a reliable way to > use multiple masters when slaving AD Integrated zones to BIND? > > > > In the O'Reilly book "DNS on Windows Server 2003" a section on p. 324 calle > d "BIND Secondaries for Active Directory-Integrated Zones" says serial number > s can vary on otherwise synchronized MS DNS Servers, potentially causing a se > rver to respond with an incorrect lower serial number. > > Hello Jim, > > The book is correct. Furthermore, if using multiple AD servers as masters, th > ey can apply updates in different orders, so the IXFR mechanism breaks. > > I believe the only way to make this work would be to use the statement "multi > -master true;" inside your zone statement. My understanding is that named (th > e slave) will not compare versions between the two servers, essentially treat > ing each DC's copy of the zone as separate and distinct. Thus, if it has to s > witch over to the second-listed master, it will request a full zone transfer > rather than an IXFR.
multi-master true; still assumes correct zone serial number maintenance. It just prevents the warnings about serial number going backwards which is a normal side effect of having multiple masters vs a master with multiple addresses. > Chris Buxton > Professional Services > Men & Mice > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
