DNS forward zone not updating

17-Nov-2019 22:01

You can see that there are three choices for Dynamic Updates: None, Nonsecure and secure, Secure only.

If you're running Samba as Active Directory Domain Controller, you also have to administer a DNS server.

In order to update the timestamp, the DNS records are refreshed periodically even if they actually haven’t changed, just to bump the timestamp.

A special timestamp value of 0 can be set on the resource record, indicating unlimited lifetime of the record. We will reuse a mechanism similar to the one in the IPA provider, where the address used for the LDAP connection to the AD server is used by default.

While DNS scavenging is not enabled on Active Directory servers by default, the SSSD should support this use case and refresh its DNS records to simulate the behavior of Windows AD clients and keep their address records from being removed if scavenging is used.

Look at the Properties of a DNS zone in the screenshot below.

The update code is already there; it is mostly a matter of splitting the code to be IPA-agnostic.

One change compared to the IPA code would be that IPA only sends the refresh when the addresses change, to avoid unnecessary zone transfers on the IPA server.

Although BIND is a mature DNS server that has long been in production on millions of servers, the Samba BIND DLZ module is still new.

That's why both backends don't yet cover all the features that you can set up with the Microsoft DNS tools.

A working Active Directory is heavily based on a working DNS.