DS Integrated Forwarders - IPv6

Anyone have a pair of DCs running 2008 / 2008 R2? I'm curious if a DS
Integrated Forwarder using IPv6 addressing replicates.

I'm trying to figure out if I need to bother attempting to figure out
the format of one of the dnsProperty attributes (two of them hold data
about master servers, the simpler one is only capable of holding IPv4
addressing).

Chris

Chris Dent wrote:
>
> Anyone have a pair of DCs running 2008 / 2008 R2? I'm curious if a DS
> Integrated Forwarder using IPv6 addressing replicates.
>
> I'm trying to figure out if I need to bother attempting to figure out
> the format of one of the dnsProperty attributes (two of them hold data
> about master servers, the simpler one is only capable of holding IPv4
> addressing).
>
> Chris

Never mind, it is in the second of the properties.

Documentation that states the two fields have the same format is quite
irritating when they so obviously do not.

Chris

Just in case anyone is remotely interested (it may well be only me that is).

This is a very rough decode for the data portion of the dnsProperty with
ID DSPROPERTY_ZONE_MASTER_SERVERS_DA.

UInt32 MaxCount
UInt32 AddrCount
Byte[24] - Unknown stuff (all 0)

Then for a block for each Address as:

UInt16 AF
UInt16 P
Byte[4] - An IPv4 Address (or 4 bytes of 0 if none set)
Byte[16] - An IPv6 Address (or 16 bytes of 0 if none set)
Byte[8] - Unknown stuff (all 0)
UInt32 SALen
Byte[28] - Unknown stuff (all 0) - Assumed to include SA property,
maximum length appears to be 28. The field appears to be 28 bytes long
regardless of SALen.

A bit of a mess. Not much I can do with lots of zero's unfortunately.

AF / P / SALen are the values seen if you run "dnscmd /ZoneInfo
somezone.com". Don't ask me what they actually mean, but if anyone else
knows I'd be extremely interested.

Chris

"Chris Dent" <> wrote in message news:...
> Just in case anyone is remotely interested (it may well be only me that is).
>
> This is a very rough decode for the data portion of the dnsProperty with
> ID DSPROPERTY_ZONE_MASTER_SERVERS_DA.
>
> UInt32 MaxCount
> UInt32 AddrCount
> Byte[24] - Unknown stuff (all 0)
>
> Then for a block for each Address as:
>
> UInt16 AF
> UInt16 P
> Byte[4] - An IPv4 Address (or 4 bytes of 0 if none set)
> Byte[16] - An IPv6 Address (or 16 bytes of 0 if none set)
> Byte[8] - Unknown stuff (all 0)
> UInt32 SALen
> Byte[28] - Unknown stuff (all 0) - Assumed to include SA property,
> maximum length appears to be 28. The field appears to be 28 bytes long
> regardless of SALen.
>
> A bit of a mess. Not much I can do with lots of zero's unfortunately.
>
> AF / P / SALen are the values seen if you run "dnscmd /ZoneInfo
> somezone.com". Don't ask me what they actually mean, but if anyone else
> knows I'd be extremely interested.
>
> Chris



Chris,

I haven't looked into it this deep, however, I do appreciate you posting this info. I've set conditional forwarding AD integrated with two 2008 R2 DCs at a customer site without problems. The only time I see problems is with DCs and mixed operating systems, which I opt it to not store it in AD. IIRC, there was a thread asking about this recently where the poster indicated they have a 2008 R2 DC and a 2003 DC in 2003 mode. I think that would have been the cause and teh resolution to remove the Conditional Forwarder from being AD integrated, and simply use an AD Integrated Stub Zone.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

>
>
> UInt16 AF
>
Almost certainly address family.

Jonathan de Boyne Pollard wrote:
>>
>>
>> UInt16 AF
>>
> Almost certainly address family.
>

Ahh, that would make sense. Thank you Jonathan, I'll slot that in and
see how it plays

Chris

> Chris,
>
> I haven't looked into it this deep, however, I do appreciate you posting this info. I've set conditional forwarding AD integrated with two 2008 R2 DCs at a customer site without problems. The only time I see problems is with DCs and mixed operating systems, which I opt it to not store it in AD. IIRC, there was a thread asking about this recently where the poster indicated they have a 2008 R2 DC and a 2003 DC in 2003 mode. I think that would have been the cause and teh resolution to remove the Conditional Forwarder from being AD integrated, and simply use an AD Integrated Stub Zone.

Hmm that makes me wonder if any of the values of dnsProperty have
changed substantially between different versions (IPv6 support being
comparitively recent). I haven't actually tested the decode for this
particular ID on anything but a very small 2008 deployment.

Anyway, I've incorporated this bit of work today into my PS module (to
finish off Get-ADDnsZone). If you happen to use PowerShell and want to
have a play I'm always interested in feedback (even if that's limited to
"what where you thinking?!")

http://code.msdn.microsoft.com/dnsshell

I must try and see if the values it posts for AF hold true to address
family in the morning, it would be nice to nail that one down.

And I really must build myself a more complete test system.

Chris

Before I forget... I suspect p is Port. All you have to do is switch the
endian order and you get 53.

I wonder if that means you can give it an alternate port on the
forwarder... something to try for the manually built dnsProperty entries.

Chris

That makes sense, thank you again.

Jonathan de Boyne Pollard wrote:
>>
>> Before I forget... I suspect p is Port. All you have to do is switch
>> the endian order and you get 53.
>>
> These are standard fields of socket address structures, and network
> byte order is standard as well. Compare |sockaddr|
> <http://msdn.microsoft.com/en-us/library/ms740496%28VS.85%29.aspx>,
> for example.
>

--
Blog: http://www.indented.co.uk
DnsShell: http://code.msdn.microsoft.com/dnsshell

"Chris Dent" <> wrote in message news:u$sXU0$...
>> Chris,
>>
>> I haven't looked into it this deep, however, I do appreciate you posting this info. I've set conditional forwarding AD integrated with two 2008 R2 DCs at a customer site without problems. The only time I see problems is with DCs and mixed operating systems, which I opt it to not store it in AD. IIRC, there was a thread asking about this recently where the poster indicated they have a 2008 R2 DC and a 2003 DC in 2003 mode. I think that would have been the cause and teh resolution to remove the Conditional Forwarder from being AD integrated, and simply use an AD Integrated Stub Zone.
>
> Hmm that makes me wonder if any of the values of dnsProperty have
> changed substantially between different versions (IPv6 support being
> comparitively recent). I haven't actually tested the decode for this
> particular ID on anything but a very small 2008 deployment.
>
> Anyway, I've incorporated this bit of work today into my PS module (to
> finish off Get-ADDnsZone). If you happen to use PowerShell and want to
> have a play I'm always interested in feedback (even if that's limited to
> "what where you thinking?!")
>
> http://code.msdn.microsoft.com/dnsshell
>
> I must try and see if the values it posts for AF hold true to address
> family in the morning, it would be nice to nail that one down.
>
> And I really must build myself a more complete test system.
>
> Chris


I can't help too much with the dev portion, since that is not my forte. I hope Jonathan's responses help.

Ace