Alcatel-Lucent VitalQIP Technology White Paper page 18

Integration with Microsoft Windows 2003 Networking/Active Directory
Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
If the DHCP and underscore child domains are separated from the parent domain, but
most static IP addresses are located in the parent domain, qip-syncexternal can be used
as follows for each domain:
- Run it frequently for the underscore domains for all record types, even though the
primary emphasis is on capturing SRV records and CNAME records. Since the
underscore domains are fairly small, this can run quickly.
- Run it seldom, if ever, for the DHCP child domain: the DHCP hostnames should
already be in the VitalQIP database if the DHCP server is updating VitalQIP (see
"Getting DHCP client hostnames into DNS" on page 16). The DHCP domain
would have only A records to be updated, not any CNAME or SRV records.
- Run it occasionally to capture A records from the parent zone, if allow-update is
enabled and if Windows clients with static IP addresses are supposed to put records
into it. qip-syncexternal ignores hostnames that are already in VitalQIP as static IP
objects.
- Run it occasionally to capture PTR records from the reverse zones, if Windows
clients with static IP addresses are supposed to put records into them. In other
words, the handling of the reverse zone would depend on the handling of the
parent forward zone.
Determining when and how to perform DNS Generation
Frequent DNS Generation should not be needed because resource records from MS-DHCP
clients and Windows 2003 clients get into DNS directly. However, a few changes
in VitalQIP will require a DNS Generation; for example:
- Changes in zone options
- Adding or deleting a zone from a particular server
- Changes in server options
- Manual changes on the Resource Records tab
- Changes in static IP objects (for non-Windows 2003 servers that cannot register
in DNS themselves)
When one of these cases arises, the VitalQIP administrator should perform DNS Generation,
unless there is already a scheduled one that will occur soon enough to meet the
requirements. The DNS Generation must also involve qip-syncexternal, as explained in
"Getting records from DNS into VitalQIP".
A new feature of VitalQIP 6.1 SP1 is very important for this scenario of performing DNS
Generation to AD-integrated MS-DNS servers. A full DNS Generation to replace an
entire zone in MS-DNS will trigger the LDAP replication of the entire zone with all other
DNS servers. In addition, the GSS-TSIG ownership information of each record in a secure
zone will be lost when DNS Generation is performed. To minimize these problems,
DNS Generation to an AD-integrated zone on MS-DNS should be performed with the
new "Changed Records Only" option. In this type of DNS Generation, only differences
between the current zone and the VitalQIP database are applied via dynamic update
or (in the case of a zone with allow-update = no) dnscmd commands. In Solution 2, the
zone might be large, but the changes from a single DNS Generation would be few, and
a replication "storm" would be avoided.
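As an added illustration (not VitalQIP's own DNS Generation code), the following Python sketch shows the idea behind a "Changed Records Only" generation: diff the records currently in the zone against the records the database says the zone should hold, and emit only that delta as a dynamic-update batch in nsupdate syntax. The zone name, the one-record-per-line text format and the sample records are constructed for the example.

```python
# Added example: "changed records only" delta between a live zone and the IPAM
# database, rendered as an nsupdate batch. Sample data is constructed.
from collections import namedtuple

RR = namedtuple("RR", "name ttl rtype rdata")


def parse_zone(text):
    """Parse constructed 'name ttl type rdata' lines into a set of RR tuples."""
    records = set()
    for line in text.strip().splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments and blank lines
        if not line:
            continue
        name, ttl, rtype, rdata = line.split(None, 3)  # rdata may contain spaces
        records.add(RR(name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def changed_records(current, desired):
    """Return (to_delete, to_add): the minimal set of updates to reach 'desired'."""
    return current - desired, desired - current


def nsupdate_script(zone, current, desired):
    """Render the delta as one nsupdate batch; unchanged records are never touched,
    so their existing ownership/replication state is left alone."""
    to_delete, to_add = changed_records(current, desired)
    lines = [f"zone {zone}"]
    for rr in sorted(to_delete):
        lines.append(f"update delete {rr.name} {rr.rtype} {rr.rdata}")
    for rr in sorted(to_add):
        lines.append(f"update add {rr.name} {rr.ttl} {rr.rtype} {rr.rdata}")
    lines.append("send")
    return "\n".join(lines)


# Constructed sample: what the zone holds now vs. what the database says it should hold.
CURRENT_ZONE = """
printer1.example.com. 3600 A 10.1.1.20
printer2.example.com. 3600 A 10.1.1.21
www.example.com.      3600 CNAME web1.example.com.
"""
DATABASE_ZONE = """
printer1.example.com. 3600 A 10.1.1.20
printer2.example.com. 3600 A 10.1.1.25   ; address changed in the database
www.example.com.      3600 CNAME web1.example.com.
"""

if __name__ == "__main__":
    print(nsupdate_script("example.com", parse_zone(CURRENT_ZONE), parse_zone(DATABASE_ZONE)))
```

Running it emits a delete for the stale printer2 A record and an add for the new one, and nothing for the two unchanged records; a full-zone replacement would have rewritten all three.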
15