Start of authority records in AD integrated DNS

Guest

Can anyone confirm for me if the following is correct behaviour:

2 Win2k DCs in the same win2k domain. Both host DNS. DNS is set on both to active directory integrated. On both servers the start of authority record is itself ( i.e. DC1 thinks it is the SOA for the domain and DC2 thinks it is the SOA for the domain)
Should this be set up with DC2 hosting a standard secondary zone, receiving updates from DC1, or am I missing something here?
 
Herb Martin

Alex said:
Can any one confirm for me if the following is correct behaviour:

2 Win2k DCs in the same win2k domain. Both host DNS. DNS is set on both to
active directory integrated. On both servers the start of authority record
is itself ( i.e. DC1 thinks it is the SOA for the domain and DC2 thinks it
is the SOA for the domain).
Should this be set up with DC2 hosting a standard secondary zone,
receiving updates from DC1, or am I missing something here.

You're missing something (minor) here. <grin>

The problem likely starts by thinking of the SOA as "DC2 thinks it is the
SOA", rather than "DC2 is listed IN the SOA" -- minor point but the slight
change in semantics will guide your thinking perhaps.

Traditional DNS didn't know about multi-mastering so there is only
one place to name the primary in the SOA.

Think instead of the SOA as being the header record for a zone.
Also consider that there are few practical issues from this with
one MAJOR exception: The secondaries who (might) later pull
from each master will think of the DNS server listed in the SOA
as "master" for editing purposes and will refer clients who must
do dynamic registration to THIS particular DC.

Makes sense, right? If you need to register with DNS, then your first
shot is the DNS server you are using. If it is not dynamic, then you
can either work your way up the "master chain" (in theory at least
a secondary can pull from a secondary from a primary -- true master)
OR you can use the SOA to jump to the "master" listed there.

If your secondary can pull (directly or indirectly) from that master
then you stand a better chance of reaching that same one (efficiently)
than you would from another (random) DC-DNS server --that
other random DNS master server might be behind a firewall or just
across the planet.
 
Jonathan de Boyne Pollard

A> On both servers the start of authority record is itself

The "SOA" resource record isn't anything. You are talking about _a particular
field of_ the "SOA" resource record - namely the "MNAME" field.

A> ( i.e. DC1 thinks it is the SOA for the domain and DC2
A> thinks it is the SOA for the domain).

Correct; and, for Active Directory integrated "zones", completely irrelevant
(as are most of the fields of "SOA" resource records).

A> Should this be set up with DC2 hosting a standard secondary
A> zone, receiving updates from DC1, [...]

Not if the aforementioned is the only criterion.
 
Ace Fekay [MVP]

Alex said:
Can any one confirm for me if the following is correct behaviour:

2 Win2k DCs in the same win2k domain. Both host DNS. DNS is set on
both to active directory integrated. On both servers the start of
authority record is itself ( i.e. DC1 thinks it is the SOA for the
domain and DC2 thinks it is the SOA for the domain). Should this be
set up with DC2 hosting a standard secondary zone, receiving updates
from DC1, or am I missing something here.


It's normal behavior due to the multi-master functionality of AD Integrated
zones. Each server believes it's authoritative for the zone. Just ignore it.

As mentioned by Jonathan, any AD Integrated zone that you allow a secondary
zone to copy from will take that zone's SOA and will be the MNAME.

Here's something else to read that's related...
282826 - Active Directory-Integrated DNS Zone Serial Number Behavior:
http://support.microsoft.com/?id=282826

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
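
Added example (not code from any poster in this thread): a Python parser for the SOA RDATA fields discussed above, run over the records two AD-integrated DCs might return, reporting which fields differ between them. The host names, serials and timer values are constructed samples, and the parser assumes uncompressed names (no DNS compression pointers).

```python
import struct

# SOA RDATA layout per RFC 1035 section 3.3.13: two names, then five 32-bit integers.
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels (used to build the samples)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(buf, pos):
    """Decode an uncompressed name starting at pos; return (name, next_pos)."""
    labels = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        length = buf[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) + ".", pos
        if length & 0xC0:
            raise ValueError("compression pointer or invalid label length")
        if pos + length > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[pos:pos + length].decode("ascii"))
        pos += length

def parse_soa(rdata):
    """Split SOA RDATA into its seven fields; MNAME is only the first of them."""
    mname, pos = decode_name(rdata, 0)
    rname, pos = decode_name(rdata, pos)
    if len(rdata) - pos != 20:
        raise ValueError("SOA RDATA must end with five 32-bit fields")
    return dict(zip(SOA_FIELDS, (mname, rname) + struct.unpack("!5I", rdata[pos:])))

def differing_fields(a, b):
    """Names of the SOA fields whose values differ between two parsed records."""
    return [f for f in SOA_FIELDS if a[f] != b[f]]

def build_soa(mname, serial):
    """Constructed sample record: same zone contact and timers, per-server MNAME/serial."""
    return (encode_name(mname) + encode_name("hostmaster.example.com")
            + struct.pack("!5I", serial, 900, 600, 86400, 3600))

DC1_RDATA = build_soa("dc1.example.com", 42)   # constructed: what DC1 answers
DC2_RDATA = build_soa("dc2.example.com", 45)   # constructed: what DC2 answers

if __name__ == "__main__":
    dc1, dc2 = parse_soa(DC1_RDATA), parse_soa(DC2_RDATA)
    print("DC1 MNAME:", dc1["mname"], "| DC2 MNAME:", dc2["mname"])
    print("fields that differ:", differing_fields(dc1, dc2))
```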
 
