hidden master and stealth slave

  • Thread starter: a bind guy
Unfortunately, yes. As my old real estate agent said when we bought
the house, we need to do a little creative financing to get it...
same here with MS DNS, need to think a bit creatively with MS DNS....

That is to get it to do what you want it to do.....

Ace
 
a> thanks Ace for trying, but what you described is not what
a> the well known concepts about on the other side of the
a> DNS world.

Actually, what he described was _exactly_ the concept of a hidden master. (He
was describing it in the context of providing public content DNS service.)
And, as he said, the things that you asked about are not features of DNS
server softwares, they are descriptions of the "zone transfer" mechanism for
DNS database replication applied to particular configurations of content DNS
servers and DNS data.

By the way: If you think that the DNS world has two "sides", Microsoft and
ISC, then you are sorely underinformed.
 
a> however, is it also doable for AD integrated zones?

The concepts of "hidden master" and "stealth slave" only apply to DNS database
replication mechanisms that have "master-slave" relationships, like the "zone
transfer" DNS database replication mechanism. They don't apply to
multi-master DNS database replication mechanisms such as Active Directory
integration.
 
a> Actually I meant you were on the greener side...

WS> Nothing is farther from the truth, bind guy (??).

Ace is on the Microsoft side as far as I know. Are you saying that the
Microsoft side isn't the greener side? I think that you two might be having
a disagreement about the meaning of "green".
 
a> I'd like to use AD integrated DDNS with
a> hidden masters for security and simplicity,
a> and then on the user environment to use the
a> standard secondaries, [...]

1. As I've said before, the concept of "hidden master" simply does not apply
to multi-master DNS database replication mechanisms such as Active Directory
integration. It embodies a notion of a single source of new database data
that simply does not exist.

2. Mixing and matching different DNS database replication mechanisms within a
single set of peer content DNS servers (as you are envisaging doing here by
mixing Active Directory integrated DNS database replication with "zone
transfer" DNS database replication) is something that one should not do unless
one is _very_ careful and knows _exactly_ what one is doing.

Both of these apply to _all_ DNS server softwares, not just to Microsoft's.

(BIND users coming to another DNS server software such as Microsoft's DNS
server often think that these facts are particular to that other server
software, because coming to that other software is the first place where they
encounter multiple DNS database replication mechanisms in common use. But in
fact it is the BIND world that is the odd one out with peculiar notions. In
the BIND world, there's really only one DNS database replication mechanism in
common use, "zone transfer", and the erroneous beliefs often propagate that
this is the _only_ DNS database replication mechanism and that what it does
with "masters", "slaves", and "SOA" resource records necessarily applies to
all DNS database replication mechanisms. However, for most other DNS server
softwares, including Microsoft's, there are usually several DNS database
replication mechanisms, with "zone transfer" being the least functional and
most primitive of them, available and in common use, with different mastering
arrangements and with different usages for the fields in "SOA" resource
records.)
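A BIND configuration sketch of the "hidden master" and "stealth slave" arrangement discussed above (the zone-transfer, master/slave case, which is the only case the concepts apply to). This is an added example, not configuration posted by anyone in this thread; example.com, the host names and the 192.0.2.0/24 addresses are constructed placeholders.

```conf
# --- Hidden master (192.0.2.1): appears in no NS record of the zone ---
# Only the secondaries may query or transfer from it. NOTIFY goes to an
# explicit list because no NS record points at this host.
options {
    recursion no;
    allow-query { 192.0.2.10; 192.0.2.11; 192.0.2.20; };
};
zone "example.com" {
    type master;
    file "master/example.com.zone";
    notify explicit;
    also-notify   { 192.0.2.10; 192.0.2.11; 192.0.2.20; };
    allow-transfer { 192.0.2.10; 192.0.2.11; 192.0.2.20; };
};

# --- Public secondary ns1 (192.0.2.10); ns2 (192.0.2.11) is identical ---
zone "example.com" {
    type slave;
    file "slave/example.com.zone";
    masters { 192.0.2.1; };     # pulls from the hidden master
    allow-transfer { none; };   # the public servers do not re-serve AXFR
};

# --- Stealth slave (192.0.2.20): receives the zone, listed in no NS record ---
zone "example.com" {
    type slave;
    file "slave/example.com.zone";
    masters { 192.0.2.1; };
    allow-transfer { none; };
};

# --- Zone data held on the hidden master (file master/example.com.zone) ---
# Only the public servers are NS targets, and the SOA MNAME names a public
# server rather than the hidden host, so the zone itself does not reveal it.
; example.com.zone
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. (
         2024010101 7200 900 1209600 3600 )
     IN NS  ns1.example.com.
     IN NS  ns2.example.com.
ns1  IN A   192.0.2.10
ns2  IN A   192.0.2.11
```

To confirm the master really is hidden, check that every NS target and the SOA MNAME of the published zone resolve to the public secondaries only, and that an AXFR attempt against the public servers from an unlisted address is refused.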
 
My intent was not multi-master. You can AD-integrate any primary. So if he
had an AD primary (for some reason) and wanted a std-secondary on the
outside - you could still do the hidden master deal AFAICT.
 