Alcatel-Lucent VitalQIP Technology White Paper page 10

Integration with Microsoft Windows 2003 Networking/Active Directory
Getting records from Domain Controllers into Alcatel-Lucent DNS Primary Servers
SRV records are created and maintained by Microsoft Domain Controllers (DCs). A DC registers its SRV records when it comes online and re-registers them periodically thereafter; it deletes them when it performs a proper shutdown. To determine which DNS server should receive the updates, the DC first sends an SOA query to the server configured as the Preferred DNS Server in its local TCP/IP properties. It then reads the MNAME field of the returned SOA record, which names the primary server for that forward domain or reverse zone, and sends the RFC 2136 DDNS update directly to that server. The preferred server therefore only has to answer the SOA query correctly; it does not have to be the server that holds the writable copy of the zone.
This solution works with any DNS server that can receive RFC 2136 DDNS updates, for example any server based on BIND 8.x or BIND 9.x; Windows 2003 DNS is not required. For the DNS server to accept updates from a DC, the allow-update permissions for the relevant forward domains and reverse zones must include the IP address of that DC. Note that an allow-update list keyed on IP address identifies only the source address of the update and does not authenticate it: an update arriving over UDP can be sent from a forged source address, which is the spoofing risk that the secure-update option described next is meant to address.
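The two-step exchange described above, worked through as an added example written for this page (it is not code from the white paper, from VitalQIP or from Microsoft): the client parses the SOA answer returned by its preferred server to find MNAME, then builds the RFC 2136 UPDATE that adds its `_ldap._tcp.dc._msdcs` SRV record for the primary named there, and a second function decodes that UPDATE the way the receiving primary sees it before applying its allow-update check. The SOA response bytes are constructed inline (a real DC would query over UDP port 53), and the zone example.com, the hosts ns1 and dc1 and the message IDs are illustrative assumptions. Standard library only; nothing is sent on the network.

```python
"""Emulate a Windows DC locating the zone primary via SOA MNAME and building the
RFC 2136 UPDATE that registers its SRV record. Added example for this page, not
VitalQIP or Microsoft code; all names and IDs are illustrative assumptions."""
import struct

QTYPE_SOA, QTYPE_SRV, QCLASS_IN = 6, 33, 1
OPCODE_UPDATE = 5                        # RFC 2136 section 2: UPDATE opcode


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode a name that may use RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appeared in the message)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # 11xxxxxx: pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def soa_primary(response: bytes) -> str:
    """Step 1: take MNAME from the first SOA answer; that host gets the update."""
    qdcount, ancount = struct.unpack("!HH", response[4:8])
    off = 12
    for _ in range(qdcount):             # skip the echoed question section
        _, off = decode_name(response, off)
        off += 4                         # QTYPE + QCLASS
    for _ in range(ancount):
        _, off = decode_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == QTYPE_SOA:
            return decode_name(response, off)[0]   # MNAME is the first RDATA field
        off += rdlen
    raise ValueError("no SOA record in the answer section")


def constructed_soa_response() -> bytes:
    """Constructed answer to 'example.com. IN SOA' as a server might return it;
    the owner and MNAME use compression pointers to the question name."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)  # QR|AA, 1 Q, 1 answer
    question = encode_name("example.com.") + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
    mname = b"\x03ns1" + b"\xc0\x0c"                 # "ns1" + pointer to offset 12
    rdata = (mname + encode_name("hostmaster.example.com.")
             + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 300))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SOA, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answer


def build_srv_update(zone, owner, priority, weight, port, target, ttl=600, msg_id=0x4242) -> bytes:
    """Step 2: RFC 2136 UPDATE with one zone entry and one 'add RR' in the update
    section (header counts are ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT). With secure
    updates a DC would GSS-TSIG-sign this; the unsigned form shown here is what an
    allow-update-by-IP primary accepts on source address alone."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
    rdata = struct.pack("!HHH", priority, weight, port) + encode_name(target)
    rr = encode_name(owner) + struct.pack("!HHIH", QTYPE_SRV, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_section + rr


def summarize_update(msg: bytes) -> dict:
    """Decode an UPDATE as the primary sees it before its allow-update check:
    which zone, which owner name, which RR is being added."""
    flags, _zocount, prcount, _upcount, _adcount = struct.unpack("!HHHHH", msg[2:12])
    zone, off = decode_name(msg, 12)
    off += 4                                          # ZTYPE + ZCLASS
    for _ in range(prcount):                          # skip any prerequisite RRs
        _, off = decode_name(msg, off)
        off += 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
    owner, off = decode_name(msg, off)
    rtype, _rclass, ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    priority, weight, port = struct.unpack("!HHH", msg[off:off + 6])
    target, _ = decode_name(msg, off + 6)
    return {"opcode": (flags >> 11) & 0xF, "zone": zone, "owner": owner, "type": rtype,
            "ttl": ttl, "priority": priority, "weight": weight, "port": port, "target": target}


if __name__ == "__main__":
    primary = soa_primary(constructed_soa_response())
    update = build_srv_update("example.com.", "_ldap._tcp.dc._msdcs.example.com.",
                              0, 100, 389, "dc1.example.com.")
    print("send UPDATE to primary:", primary)
    print("update as the primary parses it:", summarize_update(update))
```

The point to notice is that nothing in the UPDATE message itself ties it to the DC: a primary configured with allow-update by address accepts any message of this shape whose source address is on the list, which is why the secure-update (GSS-TSIG) path discussed below exists.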
If the Windows 2003 clients are configured to use Secure Updates (updates signed with GSS-TSIG using the client's Kerberos credentials), Alcatel-Lucent DNS can still receive them if it is appropriately configured and holds suitable Kerberos principal information; standard BIND 8.x and BIND 9.x servers of this period cannot (GSS-TSIG support was added to BIND 9 in later releases). Secure zones would not usually be part of Solution 1, but they can be implemented to protect against IP spoofing attacks if necessary. This requires that the customer have knowledge of and experience with Kerberos.
Getting records from DNS to VitalQIP
As mentioned above, one of the challenges in Windows 2003 integration is to get SRV
records and other data from dynamic updates into VitalQIP's database (Sybase or
Oracle). This can be done in one of two ways (disregarding manual methods):
1. Qip-syncexternal: This command-line utility is similar to the earlier "qipminiddma" utility of VitalQIP 5.x. It works by requesting a zone transfer from a particular DNS server, comparing the contents of the transferred zone or zones with the VitalQIP database, and updating the database as necessary. It must run periodically, and at least once before each DNS Generation to that DNS server, so that records added dynamically are in the database before the zone is regenerated from it; this can be automated. Qip-syncexternal is discussed in more detail in Solution 2.
2. External Updates: If the DNS server is running Alcatel-Lucent DNS 3.1 or 4.0, the recommended method is external updates. An Alcatel-Lucent DNS server can be configured to forward all updates of certain types for certain zones to the VitalQIP Message Service, and Message Service and DNS Update Service can in turn be configured to forward them to the Enterprise server and/or to other DNS servers. This happens continuously, ensuring that SRV records and other critical information are preserved and distributed quickly. External updates are generally preferable to qip-syncexternal because:
• VitalQIP administrators see new records in the GUI almost immediately.
• DDNS updates that arrive while qip-syncexternal is running may be lost if a DNS Generation is performed immediately afterwards: qip-syncexternal can take a while to run, whereas a single DDNS update completes very quickly, so an update landing in that window is not yet in the database when the zone is regenerated.
