
Re: DNS zone transfer


Jonathan de Boyne Pollard

Jan 19, 2010, 9:31:17 PM

> Just want to clarify ... I have read it is not recommended to configure a notify list for Integrated active zones because it can degrade system performance.

It's not recommended to configure a notify list because it's mixing and matching two different DNS database replication mechanisms: Active Directory and "zone transfer".  Such notifications are part of the "zone transfer" database replication mechanism.  The "master" content DNS server sends notifications to "slaves", letting the slaves know that there are updates available and that they should initiate zone transfers if they so desire.  If one is replicating one's DNS data using Active Directory, then it's senseless to be sending "zone transfer" notifications around, since one isn't using the "zone transfer" mechanism to replicate those data in the first place.

Jonathan de Boyne Pollard

Jan 26, 2010, 4:11:01 AM

> My question is, since I don't have rights to administer this DNS server, how can I speed up the changes to the secondary on my DCs? I searched for a notify option on the secondary zone but was unable to find such a setting, or perhaps I am mistaken.

Yes, you're mistaken.  As I wrote before, notifications are sent from the "master" to the "slave".  So whether and when notifications are generated is, obviously, a configuration option on the master.  There's nothing that you, on the slave, can do to alter whether and when the master decides to inform you about things.  That's for the people in that "different group" to configure.  If they make changes in their DNS data and those changes don't propagate to other content DNS servers quickly enough for your taste, then it's their problem to fix.  They are the ones maintaining the server, and they are the ones with the machine that has the sole knowledge of when DNS data have been changed.

Your only option, from where you stand, is to decide not to replicate those data, and to decide to force all enquiries to go directly to the master content DNS server that that "different group" runs.  (This can be done in two ways: conditional forwarding, to pass off the entire job of query resolution to that other group's server, or "stub zones", to retain the task of query resolution yourself locally, but to ensure that your resolving proxy contacts the other group's content server.)  Obviously, you're replicating the DNS content because you don't want the extra long-distance query traffic and you don't want to rely upon the network links always being up.  So there's a price for that option that you will very probably be unwilling to pay.  You need to decide whether you want to pay that price, or whether you will find it cheaper to talk to that "different group" about its server sending notification messages.

southpaw

Jan 26, 2010, 10:36:10 AM
Jonathan,
 
Thank you for your valuable input...

I wanted to get all the facts in before I contact DNS group. Now that I am armed with this insightful knowledge I think I would resort to the latter option and contact the Meta ip DNS server group and perhaps suggest setting up notification messages on the Master.
 
One question... Alert notification can only be set up on the Master/primary DNS server, correct? Also, is there any relation to alert notification messages and SOA refresh interval?
 
Thanks again.

Dave Warren

Jan 26, 2010, 12:24:46 PM

In message <ubnkK1pn...@TK2MSFTNGP02.phx.gbl> "southpaw" <nos...@somewhere.com> was claimed to have wrote:

>Alert notification can only be set up on
>the Master/primary DNS server, correct.

In this context, yes.

>Also, is there any relation to alert notification
>messages and SOA refresh interval?

They do similar things, but in different ways.

The SOA refresh interval tells secondary servers how often to check with
the master for zone file updates. In the absence of notifications, this
controls how long it will take before updates are noticed.

Notifies largely negate the refresh interval since they allow the master
to tell the slaves when an update has been made. However, notifies are
pushed out and there is no mechanism to ensure they're delivered
successfully, so the refresh interval still needs to be set to something
sane to handle the case of a lost notify.
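
The interaction described in the post above, as an added example that is not part of the original thread: a small Python model of when a secondary picks up a change, given the SOA refresh interval and whether each NOTIFY arrives. The `Update` type, the function names, the sample serials and the timing assumptions (an immediate check on NOTIFY, every check restarting the refresh timer) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Update:
    at: int                  # seconds after start when the master's zone changed
    serial: int              # SOA serial published with that change
    notify_delivered: bool   # did the NOTIFY reach the secondary?

def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic on 32-bit SOA serials: is a newer than b?"""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def pickup_times(updates, refresh, start_serial, horizon):
    """Return {serial: second at which the secondary transferred it}.

    Model assumptions: a delivered NOTIFY triggers an immediate SOA check,
    every check restarts the refresh timer, and transfers take no time.
    """
    updates = sorted(updates, key=lambda u: u.at)
    notifies = [u.at for u in updates if u.notify_delivered]
    have, next_poll, picked = start_serial, refresh, {}
    while True:
        check = min([next_poll] + notifies[:1])   # next SOA check, whichever is first
        if check > horizon:
            return picked
        if notifies and notifies[0] == check:
            notifies.pop(0)
        master = start_serial
        for u in updates:                          # master's serial as of this check
            if u.at <= check:
                master = u.serial
        if serial_newer(master, have):             # transfer only if the master is ahead
            have = master
            picked[master] = check
        next_poll = check + refresh

# Constructed sample: 15-minute refresh, first NOTIFY lost, second delivered.
SAMPLE = [Update(100, 2010012601, False), Update(1000, 2010012602, True)]

if __name__ == "__main__":
    for serial, t in pickup_times(SAMPLE, 900, 2010012600, 3600).items():
        print(f"serial {serial} reached the secondary at t={t}s")
```

With the lost NOTIFY, the first change waits for the refresh poll at 900 seconds; the second is picked up at the moment its NOTIFY arrives.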

southpaw

Jan 27, 2010, 6:47:52 PM
Thanks Dave...

"Dave Warren" <dave-...@djwcomputers.com> wrote in message
news:g19ul5de2j6b7qi84...@4ax.com...
