Alcatel-Lucent VitalQIP Technology White Paper page 9

Integration with Microsoft Windows 2003 Networking/Active Directory
Use of primary/secondary DNS servers and zone transfers
In most VitalQIP installations, one DNS server is the master (primary) for a particular domain and other DNS servers may be slaves (secondary) for it. This is in contrast to the multi-master configuration recommended by Microsoft, in which every DNS server is a master for the zone and LDAP replication keeps the data consistent. Either approach can work, as long as DDNS updates and/or zone transfers reach all the necessary DNS servers.
If the DNS servers are already working correctly, keeping the existing design as much as possible can minimize downtime for the implementation of Windows 2003 networking. Clients, however, need the SRV records to be as up-to-date as possible; the default Refresh Time of six hours is unacceptable. For the special underscore zones that contain these SRV records, the following alternatives are recommended:
- Have a much shorter Refresh Time (down to 10 minutes), or
- Set "Notify=Yes". If Notify is set to Yes, the DNS primary server notifies the secondary servers immediately upon any change, and the secondary server requests an IXFR zone transfer, or
- Route the DNS update via the DNS Update Service and have the policy UpdateSecondaries set to True, so that the DNS Update Service sends the change directly to all primary and secondary servers.
Having "Notify=Yes" for large zones that have very frequent updates will hurt the performance of the DNS primary server. If the DNS design requires frequent updates and zone transfers of large zones, DNS lookups will be faster if they are performed on the DNS secondary servers rather than on the primary server.
Alternatively, you may wish to have all applicable DNS servers as Primary for these particular zones and none of them as Secondary; that is, a multi-master DNS design. This is easier to do if the underscore domains have been defined separately from the parent domains: the child domains can be multi-master while you keep your existing primary/secondary design for the parent domain. In that case, the problems of zone transfers of the underscore domains never arise, since all updates are shared using the External Update mechanism. Certain changes in VitalQIP (for example, changes on the Resource Records tab) would need to be pushed to all DNS primary servers, but those changes in VitalQIP would generally be for the parent domain and not for the underscore child domains.
If you have multiple primary servers for a certain zone, we recommend the following:
- Do not have secondary servers as well for the same zone, especially not a secondary server that gets the zone from several primary servers at the same time. Although VitalQIP allows this configuration, it often causes data inconsistencies between the DNS servers, as well as serial number mismatches.
- The primary servers should be all Alcatel-Lucent DNS or all MS Windows 2003 DNS. You should not have one primary be Alcatel-Lucent and another Microsoft, because they do not replicate the zone information in the same way.
Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
6
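As an added example (not from the white paper or from VitalQIP), this is the audit an operator would run against the underscore zones to verify the two points above: the SOA refresh field of each zone (which carries the zone's Refresh Time) stays within the 10-minute recommendation, and the serial numbers agree across the servers that publish the zone. The zone names, server names and SOA text are constructed sample data; in practice the RDATA would come from querying each server for the zone's SOA record.

```python
# Audit AD underscore zones for the two problems the section warns about:
# a Refresh Time above 10 minutes, and serial-number mismatches between servers.
# SOA RDATA is in presentation format: mname rname serial refresh retry expire minimum
import re

MAX_REFRESH_SECONDS = 10 * 60  # the section recommends "down to 10 minutes"

# Constructed sample data: zone -> server -> SOA RDATA as returned by that server.
# _msdcs still has the six-hour default refresh (21600 s) on both servers;
# _tcp has the recommended refresh but its two primaries disagree on the serial.
SAMPLE_SOA = {
    "_msdcs.example.com.": {
        "dns1.example.com.": "dns1.example.com. hostmaster.example.com. 2024031502 21600 3600 604800 3600",
        "dns2.example.com.": "dns1.example.com. hostmaster.example.com. 2024031502 21600 3600 604800 3600",
    },
    "_tcp.example.com.": {
        "dns1.example.com.": "dns1.example.com. hostmaster.example.com. 2024031507 600 300 604800 300",
        "dns2.example.com.": "dns1.example.com. hostmaster.example.com. 2024031506 600 300 604800 300",
    },
}

SOA_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_soa(rdata):
    """Return (mname, rname, serial, refresh, retry, expire, minimum) from SOA RDATA text."""
    m = SOA_RE.match(rdata.strip())
    if not m:
        raise ValueError(f"not SOA RDATA: {rdata!r}")
    serial, refresh, retry, expire, minimum = (int(x) for x in m.groups()[2:])
    return m.group(1), m.group(2), serial, refresh, retry, expire, minimum

def audit_zone(zone, soa_by_server, max_refresh=MAX_REFRESH_SECONDS):
    """Return a list of finding strings for one zone (empty list means the zone is fine)."""
    findings = []
    serials = {}
    for server, rdata in soa_by_server.items():
        _, _, serial, refresh, *_ = parse_soa(rdata)
        serials[server] = serial
        if refresh > max_refresh:
            findings.append(f"{zone} on {server}: refresh {refresh}s exceeds {max_refresh}s; "
                            "SRV records on secondaries will go stale")
    if len(set(serials.values())) > 1:  # servers publish different versions of the zone
        detail = ", ".join(f"{s}={n}" for s, n in sorted(serials.items()))
        findings.append(f"{zone}: serial mismatch between servers ({detail})")
    return findings

def audit_all(soa_data, max_refresh=MAX_REFRESH_SECONDS):
    """Audit every zone; returns zone -> list of findings."""
    return {zone: audit_zone(zone, servers, max_refresh) for zone, servers in soa_data.items()}

if __name__ == "__main__":
    for zone, findings in audit_all(SAMPLE_SOA).items():
        print(zone, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```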