Wednesday, May 25, 2005

DNS Zone Transfer from Bind to Windows Server 2003 "silently" fails

It seems there are a few "interesting" oddities with DNS on Windows Server 2003 (See my earlier post on replication problems during a domain upgrade).
The latest one I encountered is the transfer of secondary zones from BIND DNS servers to Windows Server 2003 failing (it's also a problem with SP1 according to my sources - but I haven't tested that yet).
After the first successful transfer of a secondary zone, or after a Reload from Master (a full zone transfer, AXFR), Windows requests incremental zone transfers (IXFR) from the BIND server. Windows then expects to receive an IXFR back but instead receives an AXFR that starts and ends with an SOA record - Windows then (correctly IMHO) flags the first SOA as a "bad packet", since an ordinary record should have been there instead, and drops the zone transfer.
The problem is further described in KB 841467, but there is an error in the KB: it states that a Transfer from Master will work. This isn't correct, as only a Reload from Master will work (at least in the environment I worked with - Windows 2003 without Service Pack 1 and a BorderWare firewall running BIND 8.x).
The hotfix itself contains a new version of dns.exe, and you don't have to reboot after applying it if you manually stop the DNS service before installing it (IMHO the package should do this for you - but that's just my opinion ;-)
Furthermore, according to THE book on DNS (DNS and BIND from O'Reilly - if in doubt), IXFR didn't work well in BIND until version 8.2.3 (and better yet 9.x).
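As an added illustration (not code from the original post), this Python snippet classifies the record sequence in a reply to an IXFR query the way a strict secondary would, so the AXFR-style reply described above shows up as a fallback rather than a delta; the zone name, serials and addresses are constructed sample data.

```python
from enum import Enum


class TransferKind(Enum):
    UP_TO_DATE = "single SOA: secondary already has the current serial"
    IXFR = "incremental: SOA-delimited delete/add blocks"
    AXFR_FALLBACK = "full zone returned in reply to an IXFR query"
    MALFORMED = "not bracketed by SOA records, or serial chain broken"


def classify_ixfr_reply(records):
    """Classify the answer section of a reply to an IXFR query (RFC 1995).
    records: (owner, rrtype, rdata) tuples, rdata of an SOA being its serial."""
    if not records or records[0][1] != "SOA" or records[-1][1] != "SOA":
        return TransferKind.MALFORMED, []
    serials = [r[2] for r in records if r[1] == "SOA"]
    if len(records) == 1:  # master's serial not newer: nothing to send
        return TransferKind.UP_TO_DATE, serials
    if records[1][1] != "SOA":
        # Second record is zone data, so this is the whole zone (AXFR-style),
        # not a delta; a strict IXFR parser, expecting an SOA with the old
        # serial here, rejects the message as a bad packet.
        return TransferKind.AXFR_FALLBACK, serials
    # Proper IXFR: serials read [cur, old1, new1, old2, new2, ..., cur]; each
    # block's new serial is the next block's old serial and the last new
    # serial is the current one.
    inner = serials[1:-1]
    chained = all(inner[i] == inner[i + 1] for i in range(1, len(inner) - 1, 2))
    if not inner or len(inner) % 2 or not chained:
        return TransferKind.MALFORMED, serials
    if inner[-1] != serials[0] or serials[-1] != serials[0]:
        return TransferKind.MALFORMED, serials
    return TransferKind.IXFR, serials


# Constructed samples: master at serial 2005052502, secondary holding 2005052401.
IXFR_REPLY = [
    ("example.com.", "SOA", 2005052502),  # current serial
    ("example.com.", "SOA", 2005052401),  # old serial: deletions follow
    ("www.example.com.", "A", "192.0.2.10"),
    ("example.com.", "SOA", 2005052502),  # new serial: additions follow
    ("www.example.com.", "A", "192.0.2.11"),
    ("example.com.", "SOA", 2005052502),  # closing SOA
]
AXFR_STYLE_REPLY = [  # what the post describes BIND returning instead
    ("example.com.", "SOA", 2005052502),
    ("example.com.", "NS", "ns1.example.com."),
    ("www.example.com.", "A", "192.0.2.11"),
    ("example.com.", "SOA", 2005052502),
]
```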
