From: alexander brown (albrown@eecs.berkeley.edu)
Date: Wed Mar 06 2002 - 10:03:52 PST
Hey Jon;
Jon Forrest wrote:
>
> ----- Original Message -----
> From: "alexander brown" <albrown@eecs.berkeley.edu>
> To: "Jon Forrest" <forrest@ce.Berkeley.EDU>
> Cc: <micronet-list@uclink4.berkeley.edu>
> Sent: Tuesday, March 05, 2002 6:37 PM
> Subject: Re: [Micronet] Possible DNS Server Bug in Win2000 (bogus A records)
>
> Thanks for the quick reply, Alex.
>
> > That is in fact a feature. :>
>
> I was afraid of that.
>
> > When you set up an AD, an A record with the name of the zone (i.e.,
> > ce.berkeley.edu) is created, pointing at your domain controller. It
> > does create one for each domain controller. This is 'how it works'.
>
> I wonder if you know where this behavior is described in the MS
> documentation.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q178169
> This sure sounds incorrect to me. It's almost like somebody got confused
> by the difference between an "A" record and an "NS" record.
>
> In any case, I'm trying to understand what this behavior means.
> There are two cases I can think of that come to mind:
>
> 1) Handling email sent to xxx@ce.berkeley.edu . This is easy since MX records
> will be used to resolve ce.berkeley.edu so this strange behavior won't get in
> the way.
Right. Although 'finger user@ce.berkeley.edu' will break some
percentage of the time, if you care.
> 2) Handling URLs that refer to http://ce.berkeley.edu . It could be argued
> that such URLs should be http://www.ce.berkeley.edu but I think it's reasonable
> for both to point to the same place. However, due to the strange behavior
> in question, http://ce.berkeley.edu will resolve to either the correct machine,
> or to one of the DCs. Since I'm not foolish enough to run a production
> web server on any of the DCs, this means that 2/3 of the web page requests
> will fail. This is scary.
>
> > It is safe to remove this record (there is a Q article somewhere that
> > documents that). But, if you're running DDNS on your DCs I imagine it
> > will continually repopulate itself, although this may be OK if you're
> > not pointing clients at your DCs for DNS service?
>
> I am running DDNS and I was planning on pointing clients to the DCs
> so this is a big pain. What's a mother to do?
One workaround - this A record gets added along with all the SRV
records. There's a registry hack that prevents the SRV records - and
the A record - from dynamically registering themselves (see Q198767).
You can do this and then add in the rest of the SRV records as static
records. They only change when you demote or rebuild your DC, so this
is relatively safe.
Barring that, I would post this to the w2k-hied list at stanford, which
includes most of the folks who are doing large campuswide AD deployments
(including our very own Eric Chamberlain), as well as many folks at
Microsoft. Mail majordomo@lists.stanford.edu and put 'subscribe
win2000-hied' in the body to subscribe.
--alex
____________________________________________
alex brown
computer user support group
eecs, uc berkeley
This archive was generated by hypermail 2b29 : Wed Mar 06 2002 - 10:04:42 PST
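
Added example, not part of the original message or of any Microsoft tooling: a Python check that reads a zone export and reports which A records at the zone name belong to domain controllers, and what share of lookups for the bare zone name would miss the web server. The zone text, host names and addresses are constructed, the one-record-per-line format is assumed, and the miss fraction assumes answers rotate evenly.

```python
# Constructed sample zone data (one "name ttl IN type rdata" record per line).
# Host names and addresses are illustrative, not taken from the thread.
SAMPLE_ZONE = """\
ce.berkeley.edu. 600 IN A 192.0.2.10
ce.berkeley.edu. 600 IN A 192.0.2.21
ce.berkeley.edu. 600 IN A 192.0.2.22
www.ce.berkeley.edu. 3600 IN A 192.0.2.10
dc1.ce.berkeley.edu. 3600 IN A 192.0.2.21
dc2.ce.berkeley.edu. 3600 IN A 192.0.2.22
_ldap._tcp.dc._msdcs.ce.berkeley.edu. 600 IN SRV 0 100 389 dc1.ce.berkeley.edu.
_ldap._tcp.dc._msdcs.ce.berkeley.edu. 600 IN SRV 0 100 389 dc2.ce.berkeley.edu.
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata fields) for each well-formed IN record line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        yield fields[0].lower().rstrip("."), fields[3].upper(), fields[4:]

def audit_apex(zone_text, zone, web_host):
    """Report apex A records that point at DCs instead of the web server."""
    zone = zone.lower().rstrip(".")
    web_host = web_host.lower().rstrip(".")
    dc_srv_owner = "_ldap._tcp.dc._msdcs." + zone   # SRV set naming the DCs
    a_records, dc_hosts = {}, set()
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata[0])
        elif rtype == "SRV" and owner == dc_srv_owner and len(rdata) == 4:
            dc_hosts.add(rdata[3].lower().rstrip("."))   # SRV target host
    dc_addrs = set().union(*(a_records.get(h, set()) for h in dc_hosts))
    apex = a_records.get(zone, set())
    web_addrs = a_records.get(web_host, set())
    # Assumption: answers rotate evenly across the apex A record set.
    miss = len(apex - web_addrs) / len(apex) if apex else 0.0
    return {"apex": sorted(apex),
            "dc_at_apex": sorted(apex & dc_addrs),
            "miss_fraction": miss}

if __name__ == "__main__":
    print(audit_apex(SAMPLE_ZONE, "ce.berkeley.edu", "www.ce.berkeley.edu"))
```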