About ms dns - unix binf and multimaster functionality

Hi guys,

i need integrated a MS DNS with a another UX BIND DNS for manage a conflict
to aupdate the "same" reverse zone .

The problem occurred because both dns are autoritative for the same reverse
zone but i have some server (unix like) that use a UX DNS BIND and other
windows server (member server) that use a MS DNS for the domain.

Now i search on internet for a bind/appliance that support a "multimaster
functionality" so i can integrate both DNS but nothing... (i found a
appliance based on ux bind but not support this feature)

Anybody know a appliance that support a multimaster or have a solution to
integrated 2 DNS for manage the same reverse zone and the conflict ?

Thanks in advance.

Why don't you use a Secondary Zone on one of the servers? Dynamic
Updates are always directed to the server listed in the SOA, even if the
client references only a Secondary Server in their TCP/IP configuration.

Chris

INPUTIO wrote:
> Hi guys,
>
> i need integrated a MS DNS with a another UX BIND DNS for manage a
> conflict to aupdate the "same" reverse zone .
>
> The problem occurred because both dns are autoritative for the same
> reverse zone but i have some server (unix like) that use a UX DNS BIND
> and other windows server (member server) that use a MS DNS for the domain.
>
> Now i search on internet for a bind/appliance that support a
> "multimaster functionality" so i can integrate both DNS but nothing...
> (i found a appliance based on ux bind but not support this feature)
>
> Anybody know a appliance that support a multimaster or have a solution
> to integrated 2 DNS for manage the same reverse zone and the conflict ?
>
> Thanks in advance.

Hi Chris,

thanks for your reply.

When you tell a "Secondary Zone " do you intend on my MS DNS ?
If so , there is any particular issue to use this zone as "Secondary" and
not as "Active Directory Integreted" ?

How the 2 DNS (ux bind and ms dns) manage the conflict for a ptr recod on
this zone ?

Example :

dns ux >>> 192.168.20.1 >> server01

dns windows >>> 192.168.20.1 >> server01

A windows member server use a ms dns for update.
The unix erver use a ux bind for update.

How work ?

Thanks for your time.


"Chris Dent" <> ha scritto nel messaggio
news:uEfg9eW%...
>
> Why don't you use a Secondary Zone on one of the servers? Dynamic Updates
> are always directed to the server listed in the SOA, even if the client
> references only a Secondary Server in their TCP/IP configuration.
>
> Chris
>
> INPUTIO wrote:
>> Hi guys,
>>
>> i need integrated a MS DNS with a another UX BIND DNS for manage a
>> conflict to aupdate the "same" reverse zone .
>>
>> The problem occurred because both dns are autoritative for the same
>> reverse zone but i have some server (unix like) that use a UX DNS BIND
>> and other windows server (member server) that use a MS DNS for the
>> domain.
>>
>> Now i search on internet for a bind/appliance that support a "multimaster
>> functionality" so i can integrate both DNS but nothing... (i found a
>> appliance based on ux bind but not support this feature)
>>
>> Anybody know a appliance that support a multimaster or have a solution to
>> integrated 2 DNS for manage the same reverse zone and the conflict ?
>>
>> Thanks in advance.

It doesn't really matter which is Secondary, either of the two would be
fine. It only depends on which you would prefer to maintain as the Primary.

Is there a reason the two zones must both be Primary?

Chris

Hi Chris,

the answer is : i don't know.

I' m not very DNS guru but must resolve a ptr conflict between the dns
server.

Actually i have 2 world : a unix server world with them ux bind dns and a MS
server world with AD and them DNS; both are autoritative for the reverse
zone (the same reverse zone!) . The problem occurred because more unix and
windows server have the same network subnet and so i have the 2 reverse zone
on both dns server with some problem :

Query example on 2 dns server :

192.168.20.1 server1.mydnsUX.local

192.168.20.1 server23.mydnsMS.local

So i think thath is a wrong configuration...

There is any configuration or dns appliance for coexistence of both world
and both DNS ?

Thanks in advance.



"Chris Dent" <> ha scritto nel messaggio
news:uheipsX%...
>
> It doesn't really matter which is Secondary, either of the two would be
> fine. It only depends on which you would prefer to maintain as the
> Primary.
>
> Is there a reason the two zones must both be Primary?
>
> Chris

There are DNS appliances which can share zones like that, but they would
only really be relevant if you were replacing all of your DNS servers with
those (see appliances like InfoBlox if you're curious).

Unfortunately there aren't any that can replicate databases with an MS
server, no official documentation tells us how zone data is stored in AD,
and that's the only database MS DNS will hook into.

If it were mine, I would change one of those zones to Secondary. It seems
very much like it fits your requirements without having to go out of your
way finding something else. It's just a case of picking which one should be
the boss

Which do you prefer to administer? Do you use Dynamic Updates at all
(named.conf for Unix if it's BIND, and properties for the zone in the MS DNS
console)? More likely to be enabled on the Windows side.

If it's dynamic updates on the windows side, but not on Unix I would delete
the current version on the Unix side and create a Secondary zone there (with
the Primary on the Windows server). It would mean having to re-create the
records from the Unix side under Windows. Are there a lot?

Once you've done that, you'll have two identical copies of the zone with any
changes being replicated from Primary to Secondary automatically.

Chris

"INPUTIO" <> wrote in message
news:O8NyGHc%...
> Hi Chris,
>
> the answer is : i don't know.
>
> I' m not very DNS guru but must resolve a ptr conflict between the dns
> server.
>
> Actually i have 2 world : a unix server world with them ux bind dns and a
> MS server world with AD and them DNS; both are autoritative for the
> reverse zone (the same reverse zone!) . The problem occurred because more
> unix and windows server have the same network subnet and so i have the 2
> reverse zone on both dns server with some problem :
>
> Query example on 2 dns server :
>
> 192.168.20.1 server1.mydnsUX.local
>
> 192.168.20.1 server23.mydnsMS.local
>
> So i think thath is a wrong configuration...
>
> There is any configuration or dns appliance for coexistence of both world
> and both DNS ?
>
> Thanks in advance.
>
>
>
> "Chris Dent" <> ha scritto nel messaggio
> news:uheipsX%...
>>
>> It doesn't really matter which is Secondary, either of the two would be
>> fine. It only depends on which you would prefer to maintain as the
>> Primary.
>>
>> Is there a reason the two zones must both be Primary?
>>
>> Chris
>

In news:287DCF83-CF8E-4497-B2E6-,
Chris Dent <>, posted the following, which I replied to down below...: Hello Chris Dent
> There are DNS appliances which can share zones like that, but they
> would only really be relevant if you were replacing all of your DNS
> servers with those (see appliances like InfoBlox if you're curious).
>
> Unfortunately there aren't any that can replicate databases with an MS
> server, no official documentation tells us how zone data is stored in
> AD, and that's the only database MS DNS will hook into.
>
> If it were mine, I would change one of those zones to Secondary. It
> seems very much like it fits your requirements without having to go
> out of your way finding something else. It's just a case of picking
> which one should be the boss
>
> Which do you prefer to administer? Do you use Dynamic Updates at all
> (named.conf for Unix if it's BIND, and properties for the zone in the
> MS DNS console)? More likely to be enabled on the Windows side.
>
> If it's dynamic updates on the windows side, but not on Unix I would
> delete the current version on the Unix side and create a Secondary
> zone there (with the Primary on the Windows server). It would mean
> having to re-create the records from the Unix side under Windows. Are
> there a lot?
>
> Once you've done that, you'll have two identical copies of the zone
> with any changes being replicated from Primary to Secondary
> automatically.
>
> Chris

I must agree, Chris. I beleive INPUTIO, or whomever makes the decisions at the company, need to decide whether to use the Windows side, or the BIND side to be the primary, authorative zone holder, and who's going to hold the secondary. Otherwise, the conflicts will continue to plague the infrastructure.

I would probably opt to use the DNS server that has less servers, such as if there are 20 DCs and only three BIND servers, I would opt to use Windows as the primary to take advantage of AD Integrated zones, otherwise a secondary would need to created on all 20 DCs of the BIND primary zone.

Ace

On 6/30/2009 7:06 AM, Chris Dent wrote:
> It doesn't really matter which is Secondary, either of the two would be
> fine. It only depends on which you would prefer to maintain as the Primary.

I would make the primary be the server that will have more updates. I'm
thinking that it will be more efficient for ""fewer updates to have to
be forwarded from the secondary server to the primary server.



Grant. . . .

Hi Chris

in line...

"Chris Dent" <> ha scritto nel messaggio
news:287DCF83-CF8E-4497-B2E6-...
>
> There are DNS appliances which can share zones like that, but they would
> only really be relevant if you were replacing all of your DNS servers with
> those (see appliances like InfoBlox if you're curious).

I know and see infoblox but this appliace not have a "multimaster feature"
(so like ms dns) so i can replicate a ptr record across infoblox and dns
microsoft transparently...

>
> Unfortunately there aren't any that can replicate databases with an MS
> server, no official documentation tells us how zone data is stored in AD,
> and that's the only database MS DNS will hook into.
>
> If it were mine, I would change one of those zones to Secondary. It seems
> very much like it fits your requirements without having to go out of your
> way finding something else. It's just a case of picking which one should
> be the boss
>
> Which do you prefer to administer? Do you use Dynamic Updates at all
> (named.conf for Unix if it's BIND, and properties for the zone in the MS
> DNS console)? More likely to be enabled on the Windows side.

the dynamic update are used also on unix side.

> If it's dynamic updates on the windows side, but not on Unix I would
> delete the current version on the Unix side and create a Secondary zone
> there (with the Primary on the Windows server). It would mean having to
> re-create the records from the Unix side under Windows. Are there a lot?
>
> Once you've done that, you'll have two identical copies of the zone with
> any changes being replicated from Primary to Secondary automatically.

If in production evoiment i change the configuration for the reverse zone
(as primary o secondary) will be possible any issue ?

Are you using a Infoblox appliance ?

Thanks in advance.

Thanks for you comment Ace.


"Ace Fekay [Microsoft Certified Trainer]" <>
ha scritto nel messaggio news:O04g%23$d%...
In news:287DCF83-CF8E-4497-B2E6-,
Chris Dent <>, posted the following, which I replied to
down below...: Hello Chris Dent
> There are DNS appliances which can share zones like that, but they
> would only really be relevant if you were replacing all of your DNS
> servers with those (see appliances like InfoBlox if you're curious).
>
> Unfortunately there aren't any that can replicate databases with an MS
> server, no official documentation tells us how zone data is stored in
> AD, and that's the only database MS DNS will hook into.
>
> If it were mine, I would change one of those zones to Secondary. It
> seems very much like it fits your requirements without having to go
> out of your way finding something else. It's just a case of picking
> which one should be the boss
>
> Which do you prefer to administer? Do you use Dynamic Updates at all
> (named.conf for Unix if it's BIND, and properties for the zone in the
> MS DNS console)? More likely to be enabled on the Windows side.
>
> If it's dynamic updates on the windows side, but not on Unix I would
> delete the current version on the Unix side and create a Secondary
> zone there (with the Primary on the Windows server). It would mean
> having to re-create the records from the Unix side under Windows. Are
> there a lot?
>
> Once you've done that, you'll have two identical copies of the zone
> with any changes being replicated from Primary to Secondary
> automatically.
>
> Chris

I must agree, Chris. I beleive INPUTIO, or whomever makes the decisions at
the company, need to decide whether to use the Windows side, or the BIND
side to be the primary, authorative zone holder, and who's going to hold the
secondary. Otherwise, the conflicts will continue to plague the
infrastructure.

I would probably opt to use the DNS server that has less servers, such as if
there are 20 DCs and only three BIND servers, I would opt to use Windows as
the primary to take advantage of AD Integrated zones, otherwise a secondary
would need to created on all 20 DCs of the BIND primary zone.

Ace