On 2014-02-19 16:06, Barry S. Finkel wrote:
> See MS KB article 282826, where MS documents the handling of zone serial numbers in an AD environment.
My experience is that it tends to work pretty well if BIND only points to one particular MS DNS server at a time, with a failover script that detects when that DNS server goes down and flips to another master (if you're worried about such things).
That being said, even without that script and with multiple MS DNS masters configured in BIND at once, any issues generally work themselves out within 15 minutes or so, once the Active Directory serial number update propagates through the MS DNS infrastructure. As described in the article, the servers self-increment properly when a slave is detected, and occasionally sync up the serial numbers between MS DNS servers (again, only moving update).
The only inconsistencies are in those recently added/modified records, so if you just plan for 15-minute update times for non-MS secondaries to sync up and ignore the periodic "serial is lower than expected" warnings, multi-mastering works fine in practice.
-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
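The serial comparison a failover script like the one mentioned above could make, as an added example that is not part of the original post: given SOA serials already collected from each MS DNS master, it picks the reachable master with the newest serial and lists masters that are behind the secondary's current copy. The host names, sample serials and function names are constructed for illustration, and collecting the serials from the servers is assumed to happen elsewhere.

```python
# Added example (not from the original post). Names and serials are constructed.
from typing import Dict, List, Optional, Tuple

MOD = 2 ** 32   # SOA serials are 32-bit and wrap around
HALF = 2 ** 31


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    return a != b and ((a - b) % MOD) < HALF


def choose_master(
    slave_serial: int, observed: Dict[str, Optional[int]]
) -> Tuple[Optional[str], List[str]]:
    """Pick a master to transfer from.

    observed maps master name -> SOA serial, or None if it did not answer.
    Returns (best, lagging): best is the reachable master with the newest
    serial (None if all are down); lagging lists reachable masters whose
    serial is older than the secondary's, i.e. the ones that would produce
    serial warnings until AD replication catches up.
    """
    best: Optional[str] = None
    lagging: List[str] = []
    for name, serial in observed.items():
        if serial is None:          # master unreachable: skip it
            continue
        if serial_gt(slave_serial, serial):
            lagging.append(name)
        if best is None or serial_gt(serial, observed[best]):
            best = name
    return best, sorted(lagging)


# Constructed sample: dc2 has not yet received the latest AD update, dc3 is down.
SAMPLE = {
    "dc1.example.test": 2051,
    "dc2.example.test": 2049,
    "dc3.example.test": None,
}

if __name__ == "__main__":
    best, lagging = choose_master(2050, SAMPLE)
    print("transfer from:", best)
    print("behind the secondary:", ", ".join(lagging) or "none")
```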