zonecheck-tests
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [zonecheck-tests] Zonecheck and MS Active Directory DNS


From: Ross Taylor
Subject: RE: [zonecheck-tests] Zonecheck and MS Active Directory DNS
Date: Tue, 4 Sep 2007 17:17:40 +0100

Hi Stephane, thank you for your response.

> Can you provide a domain name as an example so I can test?
Sure, sksl.com
If you query each of the 2 name servers they both report themselves as the
primary soa.

> The point of Zonecheck is to check that all name servers have the same
> SOA, so the zone is consistent. 
If all the name servers report the same serial number, is this not
sufficient?

I don't have a specific workaround to
> offer but I suggest to tell AD to use identical SOA (sorry, I do not
> know AD, I cannot suggest a way to do it).
The only way to use identical SOA is to go back to a 'flat' zone file.
Utarget.fr is hosted on the same Windows dns system as sksl.com, but I have
had to make this into a flat zone file to pass the zonecheck tests.
Im not normally a fan of windows, but in this case the AD system is great,
because if a server dies, rather than restoring zones from backups or
reconfiguring a secondary into a primary, I can just move the IP to another
DNS server in the AD, which is already reporting itself as a primary.

Kind regards,
Ross

-----Original Message-----
From: Stephane Bortzmeyer [mailto:address@hidden 
Sent: 04 September 2007 16:08
To: Ross Taylor
Cc: address@hidden
Subject: Re: [zonecheck-tests] Zonecheck and MS Active Directory DNS

On Mon, Sep 03, 2007 at 05:31:32PM +0100,
 Ross Taylor <address@hidden> wrote 
 a message of 225 lines which said:

> All AD-integrated DNS servers regard themselves as Primaries in SOA
> records,

Can you provide a domain name as an example so I can test? 

> you get the error "The primary nameserver doesn't match the given
> one" because the test checks both servers, and gets a reply back
> from both of them saying they are the primary SOA.

Some TLD use a similar scheme (".at" for instance). It is questionable
and has nothing to do with redundancy (".de" have identical SOA
records while each site generates the zone separately).

The point of Zonecheck is to check that all name servers have the same
SOA, so the zone is consistent. I don't have a specific workaround to
offer but I suggest to tell AD to use identical SOA (sorry, I do not
know AD, I cannot suggest a way to do it).





reply via email to

[Prev in Thread] Current Thread [Next in Thread]